n1000v Cmds

Send document comment s t o nexus1k- docf eedback@ci sco. com.
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco Nexus 1000V Command Reference,
Release 4.0(4)SV1(2)
December 15, 2009
Text Part Number: OL-20462-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower,
Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra,
Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital,
Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch,
AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo,
Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation,
Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream,
Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design),
PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc.
and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0910R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Cisco Nexus 1000V Command Reference, Release 4.0(4)SV1(2)
2009 Cisco Systems, Inc. All rights reserved.
iii
OL-20462-01
New or Changed Commands
This section lists and describes new and changed commands in Release 4.0(4)SV1(2).
New or Changed Command
A
d
d
e
d
C
h
a
n
g
e
d
R
e
m
o
v
e
d
Feature Configuration Document
capability l3control X Layer 3 Control Cisco Nexus 1000V System Management
Configuration Guide, Release 4.0(4)SV1(2)
capability iscsi-multipath X iSCSI Multipath Cisco Nexus 1000V System Management
capability uplink X Port Profile Command removed from CLI
Cisco Nexus 1000V Port Profile
channel-group auto (port profile) X Port Profile Cisco Nexus 1000V Port Profile
clear ip arp inspection statistics vlan X Dynamic ARP
Inspection
Cisco Nexus 1000V Security Configuration
Guide, Release 4.0(4)SV1(2)
errdisable detect cause X DHCP Snooping Cisco Nexus 1000V Security Configuration
errdisable recovery cause X Dynamic ARP
Inspection
errdisable recovery interval X Dynamic ARP
Inspection
ip arp inspection limit X Dynamic ARP
Inspection
ip arp inspection trust X Dynamic ARP
Inspection
ip arp inspection validate X Dynamic ARP
Inspection
ip arp inspection vlan X Dynamic ARP
Inspection
ip dhcp snooping X DHCP Snooping Cisco Nexus 1000V Security Configuration
iv
OL-20462-01
ip dhcp snooping limit rate X DHCP Snooping Cisco Nexus 1000V Security Configuration
ip dhcp snooping trust X DHCP Snooping Cisco Nexus 1000V Security Configuration
ip dhcp snooping vlan X DHCP Snooping Cisco Nexus 1000V Security Configuration
ip source binding X IP Source Guard Cisco Nexus 1000V Security Configuration
ip verify source dhcp-snooping-vlan X DHCP Snooping Cisco Nexus 1000V Security Configuration
pinning X Static Pinning Cisco Nexus 1000V Port Profile
pinning id X Static Pinning Cisco Nexus 1000V Interface Configuration
Cisco Nexus 1000V Port Profile
service-port X Virtual Service
Domain
Cisco Nexus 1000V System Management
show interface ethernet X Interface Rate
Statistics
Cisco Nexus 1000V Interface Configuration
show interface vethernet X Interface Rate
Statistics
show ip arp inspection interface X Dynamic ARP
Inspection
show ip arp inspection statistics X Dynamic ARP
Inspection
show ip dhcp snooping X DHCP Snooping Cisco Nexus 1000V Security Configuration
show ip dhcp snooping binding X DHCP Snooping Cisco Nexus 1000V Security Configuration
show ip verify source X IP Source Guard Cisco Nexus 1000V Interface Configuration
show port-profile X Port Profile Cisco Nexus 1000V Port Profile
show running-config port-profile X Port Profile Cisco Nexus 1000V Port Profile
show svs domain X Layer 3 control Cisco Nexus 1000V System Management
show virtual-service-domain brief X Virtual Service
Domain
A
d
d
e
d
C
h
a
n
g
e
d
R
e
m
o
v
e
d
v
OL-20462-01
show virtual-service-domain interface X Virtual Service
Domain
show virtual-service-domain name X Virtual Service
Domain
sub-group X virtual Port
Channel Host
Mode
(vPC-HM)
sub-group-id X vPC-HM Cisco Nexus 1000V Interface Configuration
svs mode X Layer 3 control Cisco Nexus 1000V System Management
virtual-service-domain X Virtual Service
Domain
A
d
d
e
d
C
h
a
n
g
e
d
R
e
m
o
v
e
d
vi
OL-20462-01
vii
OL-20462-01
Preface
This preface describes the audience, organization, and conventions of the Cisco Nexus 1000V Command
Reference, Release 4.0(4)SV1(2), and how to obtain related documentation.
This chapter includes the following topics:
Audience, page vii
Organization, page vii
Document Conventions, page viii
Related Documentation, page ix
Obtaining Documentation and Submitting a Service Request, page x
Audience
This publication is for experienced users who configure and maintain the Cisco Nexus 1000V.
Organization
This reference is organized as follows:
Chapter Description
A Commands Describes the commands that begin with the letter A.
B Commands Describes the commands that begin with the letter B.
C Commands Describes the commands that begin with the letter C.
D Commands Describes the commands that begin with the letter D.
E Commands Describes the commands that begin with the letter E.
F Commands Describes the commands that begin with the letter F.
G Commands Describes the commands that begin with the letter G.
I Commands Describes the commands that begin with the letter I.
L Commands Describes the commands that begin with the letter L.
M Commands Describes the commands that begin with the letter M.
Preface
viii
OL-20462-01
Document Conventions
Command descriptions use these conventions:
Screen examples use these conventions:
This document uses the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
N Commands Describes the commands that begin with the letter N.
O Commands Describes the commands that begin with the letter O.
P Commands Describes the commands that begin with the letter P.
Q Commands Describes the commands that begin with the letter Q.
R Commands Describes the commands that begin with the letter R.
S Commands Describes the commands that begin with the letter S.
Show Commands Describes the show commands.
T Commands Describes the commands that begin with the letter T.
U Commands Describes the commands that begin with the letter U.
V Commands Describes the commands that begin with the letter V.
W Commands Describes the commands that begin with the letter W.
Chapter Description
Convention Description
boldface font Commands and keywords are in boldface.
italic font Arguments for which you supply values are in italics.
[ ] Elements in square brackets are optional.
[ x | y | z ] Optional alternative keywords are grouped in brackets and separated by vertical
bars.
string A nonquoted set of characters. Do not use quotation marks around the string or
the string will include the quotation marks.
screen font
Terminal sessions and information that the switch displays are in screen font.
boldface screen
font
Information you must enter is in boldface screen font.
italic screen font
Arguments for which you supply values are in italic screen font.
< > Nonprinting characters, such as passwords, are in angle brackets.
[ ] Default responses to system prompts are in square brackets.
!, # An exclamation point (!) or a pound sign (#) at the beginning of a line of code
indicates a comment line.
Preface
ix
OL-20462-01
Caution Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
Tip Means the following information will help you solve a problem.
Related Documentation
Cisco Nexus 1000V includes the following documents available on Cisco.com:
General Information
Cisco Nexus 1000V Release Notes, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Compatibility Information, Release 4.0(4)SV1(2)
Install and Upgrade
Cisco Nexus 1000V Software Installation Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Virtual Ethernet Module Software Installation Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Software Upgrade Guide, Release 4.0(4)SV1(2)
Configuration Guides
Cisco Nexus 1000V License Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Getting Started Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Interface Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Layer 2 Switching Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Port Profile Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Security Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V System Management Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V High Availability and Redundancy Configuration Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V XML API User Guide, Release 4.0(4)SV1(2)
Programming Guide
Cisco Nexus 1000V XML API User Guide, Release 4.0(4)SV1(2)
Reference Guides
Cisco Nexus 1000V MIB Quick Reference
Preface
x
OL-20462-01
Troubleshooting and Alerts
Cisco Nexus 1000V Troubleshooting Guide, Release 4.0(4)SV1(2)
Cisco Nexus 1000V Password Recovery Guide
Cisco NX-OS System Messages Reference
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS Version 2.0.
1
OL-20462-01
A Commands
This chapter describes the Cisco Nexus 1000V commands that begin with A.
aaa authentication login console
To configure AAA authentication methods for console logins, use the aaa authentication login console
command. To revert to the default, use the no form of this command.
aaa authentication login console {group group-list} [none] | local | none}
no aaa authentication login console {group group-list [none] | local | none}
Syntax Description
Defaults local
Command Modes Global Configuration (config)
Supported User Roles network-admin
group Specifies to use a server group for authentication.
group-list Specifies a space-separated list of server groups. The list can include the
following:
radius for all configured RADIUS servers.
tacacs+ for all configured TACACS+ servers.
Any configured RADIUS or TACACS+ server group name.
none Specifies to use the username for authentication.
local Specifies to use the local database for authentication.
A Commands
aaa authentication login console
2
OL-20462-01
Command History
Usage Guidelines The group radius, group tacacs+, and group group-list methods refer to a set of previously defined
RADIUS or TACACS+ servers. Use the radius-server host or tacacs-server host command to
configure the host servers. Use the aaa group server command to create a named group of servers.
Use the show aaa group command to display the RADIUS server groups on the device.
If you specify more that one server group, the software checks each group in the order that you specify
in the list.
If you specify the group method or local method and they fail, then the authentication can fail. If you
specify the none method alone or after the group method, then the authentication always succeeds.
The command operates only in the default VDC (VDC 1).
Examples This example shows how to configure the AAA authentication console login methods:
switch# config t
switch(config)# aaa authentication login console group radius
This example shows how to revert to the default AAA authentication console login method:
switch# config t
switch(config)# no aaa authentication login console group radius
Related Commands
Release Modification
4.0(4)SV1(1) This command was introduced.
Command Description
aaa group server Configures AAA server groups.
radius-server host Configures RADIUS servers.
show aaa authentication Displays AAA authentication information.
show aaa group Displays the AAA server groups.
tacacs-server host Configures TACACS+ servers.
A Commands
aaa authentication login default
3
OL-20462-01
To configure the default AAA authentication methods, use the aaa authentication login default
aaa authentication login default {group group-list} [none] | local | none}
no aaa authentication login default {group group-list [none] | local | none}
Syntax Description
Defaults local
Command History
Usage Guidelines The group radius, group tacacs+, and group group-list methods refer to a set of previously defined
RADIUS or TACACS+ servers. Use the radius-server host or tacacs-server host command to
configure the host servers. Use the aaa group server command to create a named group of servers.
Use the show aaa group command to display the RADIUS server groups on the device.
If you specify more that one server group, the software checks each group in the order that you specify
in the list.
If you specify the group method or local method and they fail, then the authentication fails. If you
specify the none method alone or after the group method, then the authentication always succeeds.
group Specifies a server group list to be used for authentication.
group-list Space-separated list of server groups that can include the following:
radius for all configured RADIUS servers.
tacacs+ for all configured TACACS+ servers.
Any configured RADIUS or TACACS+ server group name.
none (Optional) Specifies to use the username for authentication.
local Specifies to use the local database for authentication.
A Commands
4
OL-20462-01
Examples This example shows how to configure the AAA authentication console login method:
switch# config t
switch(config)# aaa authentication login default group radius
This example shows how to revert to the default AAA authentication console login method:
switch# config t
switch(config)# no aaa authentication login default group radius
Related Commands Command Description
radius-server host Configures RADIUS servers.
show aaa authentication Displays AAA authentication information.
show aaa group Displays the AAA server groups.
tacacs-server host Configures TACACS+ servers.
A Commands
aaa authentication login error-enable
5
OL-20462-01
To configure an AAA authentication failure message to display on the console, use the aaa
authentication login error-enable command. To remove the error message, use the no form of this
command.
no aaa authentication login error-enable
Syntax Description This command has no arguments or keywords.
Defaults Disabled
Command History
Usage Guidelines If none of the remote AAA servers respond when a user logs in, the authentication is processed by the
local user database. If you have enabled the display, one of the following message is generated for the
user:
Remote AAA servers unreachable; local authentication done.
Remote AAA servers unreachable; local authentication failed.
Examples This example shows how to enable the display of AAA authentication failure messages to the console:
switch# config t
switch(config)# aaa authentication login error-enable
This example shows how to disable the display of AAA authentication failure messages to the console:
switch# config t
switch(config)# no aaa authentication login error-enable
A Commands
6
OL-20462-01
show aaa authentication
login error-enable
Displays the status of the AAA authentication failure message display.
A Commands
aaa authentication login mschap
7
OL-20462-01
To enable Microsoft Challenge Handshake Authentication Protocol (MSCHAP) authentication at login,
use the aaa authentication login mschap command. To disable MSCHAP, use the no form of this
command.
no aaa authentication login mschap
Defaults Disabled
Command History
Usage Guidelines
Examples This example shows how to enable MSCHAP authentication:
switch# config t
switch(config)# aaa authentication login mschap
This example shows how to disable MSCHAP authentication:
switch# config t
switch(config)# no aaa authentication login mschap
Related Commands
Command Description
login mschap
Displays the status of MSCHAP authentication.
A Commands
aaa group server radius
8
OL-20462-01
aaa group server radius
To create a RADIUS server group, use the aaa group server radius command. To delete a RADIUS
server group, use the no form of this command.
aaa group server radius group-name
no aaa group server radius group-name
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to create a RADIUS server group and enter RADIUS Server Configuration
mode for configuring the specified server group:
switch# config t
switch(config)# aaa group server radius RadServer
switch(config-radius)#
This example shows how to delete a RADIUS server group:
switch# config t
switch(config)# no aaa group server radius RadServer
Related Commands
group-name RADIUS server group name.The name is alphanumeric and case-sensitive. The
maximum length is 64 characters.
Command Description
show aaa groups Displays server group information.
radius-server host Defines the IP address or hostname for a RADIUS server.
A Commands
aaa group server tacacs+
9
OL-20462-01
To create a TACACS+ server group, use the aaa group server tacacs+ command. To delete a TACACS+
server group, use the no form of this command.
aaa group server tacacs+ group-name
no aaa group server tacacs+ group-name
Syntax Description
Defaults None
Command History
Usage Guidelines You must enable TACACS+ using the tacacs+ enable command before you can configure TACACS+.
Examples This example shows how to create a TACACS+ server group:
switch# config t
switch(config)# aaa group server tacacs+ TacServer
switch(config-radius)#
This example shows how to delete a TACACS+ server group:
switch# config t
switch(config)# no aaa group server tacacs+ TacServer
Related Commands
group-name TACACS+ server group name. The name is alphanumeric and case-sensitive. The
maximum length is 64 characters.
Command Description
tacacs+ enable Enables TACACS+.
show aaa groups Displays server group information.
A Commands
10
OL-20462-01
17
OL-20462-01
B Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter, B.
bandwidth (interface)
To set the inherited and received bandwidth for an interface, use the bandwidth command. To restore
the default value, use the no form of this command.
bandwidth {kbps}
no bandwidth {kbps}
Syntax Description
Defaults 1000000 kbps
Command Modes Interface Configuration (config-if)
Command History
Usage Guidelines The bandwidth command sets an informational parameter to communicate only the current bandwidth
to the higher-level protocols; you cannot adjust the actual bandwidth of an interface using this command.
Note This is a routing parameter only. It does not affect the physical interface.
kbps Intended bandwidth, in kilobits per second. Valid values are 1 to 10000000.
B Commands
bandwidth (interface)
18
OL-20462-01
Examples This example shows how to configure the bandwidth 30000 kbps:
switch(config-if)# bandwidth 30000
show interface Displays the interface configuration information.
B Commands
banner motd
19
OL-20462-01
banner motd
To configure a message of the day (MOTD) banner, use the banner motd command.
banner motd [delimiting-character message delimiting-character]
no banner motd [delimiting-character message delimiting-character]
Syntax Description
Defaults User Access Verification is the default message of the day.
Command Modes Configuration (config)
Command History
Usage Guidelines The MOTD banner is displayed on the terminal before the login prompt whenever you log in.
The message is restricted to 40 lines and 80 characters per line.
To create a multiple-line MOTD banner, press Enter before typing the delimiting character to start a new
line. You can enter up to 40 lines of text.
Follow these guidelines when choosing your delimiting character:
Do not use the delimiting-character in the message string.
Do not use " and % as delimiters.
Examples This example shows how to configure and then display a banner message with the text, Testing the
MOTD.
switch# config terminal
switch(config)# banner motd #Testing the MOTD#
switch(config)# show banner motd
Testing the MOTD
delimiting-character The character used to signal the beginning and end of the message text, for
example, in the following message, the delimiting character is #.
#Testing the MOTD#
message Specifies the banner message, restricted to 40 lines with a maximum of 80
characters in each line.
B Commands
banner motd
20
OL-20462-01
This example shows how to configure and then display a multiple-line MOTD banner:
switch(config)# banner motd #Welcome to authorized users.
> Unauthorized access prohibited.#
Welcome to authorized users.
Unauthorized access prohibited.
This example shows how to revert to the default MOTD banner:
switch(config)# no banner motd
User Access Verification
show banner motd Displays the MOTD banner.
B Commands
boot auto-copy
21
OL-20462-01
boot auto-copy
To enable automatic copying of boot image files to the standby supervisor module, use the boot
auto-copy command. To disable automatic copying, use the no form of this command.
boot auto-copy
no boot auto-copy
Defaults Enabled
Command History
Usage Guidelines When automatic copying of image files is enabled, the Cisco NX-OS software copies the image files
referred to by the boot variable to the standby supervisor module. These image files must be present in
local memory on the active supervisor module. For kickstart and system boot variables, only those image
files that are configured for the standby supervisor module are copied.
Examples This example shows how to enable automatic copying of boot image files to the standby supervisor
module:
switch# configure terminal
switch(config)# boot auto-copy
Auto-copy administratively enabled
Related Commands
Command Description
boot kickstart Configures the kickstart boot variable.
boot system Configures the system boot variable.
copy Copies files.
show boot Displays boot variable configuration information.
B Commands
boot kickstart
22
OL-20462-01
boot kickstart
To configure the boot variable for the kickstart image, use the boot kickstart command. To clear the
kickstart image boot variable, use the no form of this command.
boot kickstart [filesystem:[//directory] | directory]filename [sup-1] [sup-2]
no boot kickstart
Syntax Description
Defaults Configures the kickstart boot variable for both supervisor modules.
Command History
Usage Guidelines The kickstart boot variable is used for loading software images when booting up. You must copy the
kickstart image to the device before you reload.
Examples This example shows how to configure the kickstart boot variable for both supervisor modules:
switch(config)# boot kickstart bootflash:kickstart-image
This example shows how to configure the kickstart boot variable for the active supervisor module:
switch(config)# boot kickstart bootflash:kickstart-image sup-1
This example shows how to clear the kickstart boot variable:
switch(config)# no boot kickstart
filesystem: (Optional) Name of a file system. Valid values are bootflash or slot0.
//directory (Optional) Name of a directory. The directory name is case sensitive.
filename Name of the kickstart image file. The filename is case sensitive.
sup-1 (Optional) Configures the kickstart boot for the active supervisor module only.
sup-2 (Optional) Configures the kickstart boot for the standby supervisor module only.
B Commands
boot kickstart
23
OL-20462-01
boot system Configures the boot variable for the system software image.
copy Copies files.
B Commands
boot system
24
OL-20462-01
boot system
To configure the boot variable for the system image, use the boot system command. To clear the system
image boot variable, use the no form of this command.
boot system [filesystem:[//directory] | directory]filename [sup-1] [sup-2]
no boot system
Syntax Description
Defaults Configures the system boot variable for both supervisor modules.
Command History
Usage Guidelines The system boot variable is used for loading images when booting up. You must copy the system image
to the device before you reload.
Examples This example shows how to configure the system boot variable for both supervisor modules:
switch(config)# boot system bootflash:system-image
This example shows how to configure the system boot variable for the sup-1 supervisor module:
switch(config)# boot system bootflash:system-image sup-1
This example shows how to clear the system boot variable:
switch(config)# no boot system
filesystem: (Optional) Name of a file system. Valid values are bootflash or slot0.
//directory (Optional) Name of a directory. The directory name is case sensitive.
filename Name of the system image file. The filename is case sensitive.
sup-1 (Optional) Configures the system boot for the sup-1 supervisor module only.
sup-2 (Optional) Configures the system boot for the sup-2 supervisor module only.
B Commands
boot system
25
OL-20462-01
boot kickstart Configures the boot variable for the kickstart software image.
B Commands
boot system
26
OL-20462-01
27
OL-20462-01
C Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter, C.
cache size
To specify a cache size for a Netflow flow monitor, use the cache size command. To remove the cache
size for a flow monitor, use the no form of this command.
cache size value
no cache size value
Syntax Description
Defaults 4096 entries
Command Modes Netflow Monitor Configuration (config-flow-monitor)
Command History
Usage Guidelines Use the cache-size command to limit the impact of the Netflow flow monitor cache on memory and
performance.
Examples This example shows how to configure the cache size for a Netflow flow monitor named MonitorTest,
and then display the configuration:
value Size in number of entries. The range is 256 to 16384 entries.
C Commands
cache size
28
OL-20462-01
n1000v# config t
n1000v(config)# flow monitor MonitorTest
n1000v(config-flow-monitor)# cache size 15000
n1000v(config-flow-monitor)# show flow monitor MonitorTestFlow
Monitor monitortest:
Use count: 0
Inactive timeout: 600
Active timeout: 1800
Cache Size: 15000
n1000v(config-flow-monitor)#
This example shows how to remove a cache size from a flow monitor:
n1000v# config t
n1000v(config-flow-monitor)# no cache size
n1000v(config-flow-monitor)#show flow monitor MonitorTestFlow
Monitor monitortest:
Use count: 0
Inactive timeout: 600
Active timeout: 1800
Cache Size: 4096
show flow monitor Displays information about the flow monitor cache module.
flow monitor Creates a flow monitor.
timeout Specifies an aging timer and its value for aging entries from the cache.
record Adds a flow record to the flow monitor.
exporter Adds a flow exporter to the flow monitor.
C Commands
capability l3control
29
OL-20462-01
To configure the Layer 3 capability for a port profile, use the capability command. To remove a
capability from a port profile, use the no form of this command.
no capability l3control
Syntax Description
Defaults None
Command Modes Port Profile Configuration (config-port-prof)
Command History
Usage Guidelines If you are configuring a port profile for Layer 3 control, then you must first configure the transport mode
as Layer 3 using the svs mode command for the VSM domain.
Examples This example shows how to configure a port profile to be used for Layer 3 communication purposes:
n1000v# config t
n1000v(config)# port-profile testprofile
n1000v(config-port-prof)# capability l3control
n1000v(config-port-prof)#
This example shows how to remove the Layer 3 configuration from the port profile:
n1000v# config t
l3control Configures a port profile to be used for one of the following Layer 3 communication
purposes:
The management interface used for Layer 3 communication between the VSM
and VEMs.
To carry NetFlow ERSPAN traffic.
4.0(4)SV1(1) Introduced the capability uplink command to designate a port profile as an
uplink.
4.0(4)SV1(2) Removed the capability uplink command. A port profile used as an uplink
is now designated as type Ethernet instead.
Added the capability l3control command.
C Commands
30
OL-20462-01
n1000v(config-port-prof)# no capability l3control
show port-profile name
[name]
Displays the port profile configuration.
port-profile name Places you into Port Profile Configuration mode for creating and
configuring a port profile.
C Commands
capability iscsi-multipath
31
OL-20462-01
To configure a port profile to be used with the ISCSI Multipath protocol, use the capability
iscsi-multipath command. To remove the capability from a port profile, use the no form of this
command.
no capability iscsi-multipath
Defaults None
Command History
Usage Guidelines If you are configuring a port profile for ISCSI Multipath, then you must first configure the port-profile
in switchport mode.
Examples This example shows how to configure a port profile to be used with ISCSI Multipath protocol:
n1000v# config t
n1000v(config-port-prof)# switchport mode access
n1000v(config-port-prof)# capability iscsi-multipath
This example shows how to remove the ISCSI multipath configuration from the port profile:
n1000v# config t
n1000v(config-port-prof)# no capability iscsi-multipath
4.0(4)SV1(2) Added the capability iscsi multipath command.
C Commands
32
OL-20462-01
show port-profile name
[name]
port-profile name Places you into Port Profile Configuration mode for creating and
configuring a port profile.
C Commands
cd
33
OL-20462-01
cd
To change to a different directory from the one you are currently working in, use the cd command.
cd [filesystem:[//directory] | directory]
Syntax Description
Defaults bootflash
Command Modes Any
Usage Guidelines You can only change to the directories that are on the active supervisor module.
Use the present working directory (pwd) command to verify the name of the directory you are currently
working in.
Examples This example shows how to change to a different directory on the current file system:
switch# cd my-scripts
This example shows how to change from the file system you are currently working in to a different file
system:
switch# cd volatile:
This example shows how to revert back to the default directory, bootflash:
switch# cd
Related Commands
filesystem: (Optional) Name of the file system. Valid file systems are bootflash and
volatile.
//directory (Optional) Name of the directory. The directory name is case sensitive.
Command Description
pwd Displays the name of the directory you are currently working in.
C Commands
cdp advertise
34
OL-20462-01
cdp advertise
To specify the CDP version to advertise, use the cdp advertise command. To remove the cdp advertise
configuration, use the no form of this command.
cdp advertise {v1 | v2}
no cdp advertise [v1 | v2]
Syntax Description
Defaults CDP Version 2
Command History
Usage Guidelines
Examples This example shows how to set CDP Version 1 as the version to advertise:
switch(config)# cdp advertise v1
This example shows how to remove CDP Version 1 as the configuration to advertise:
switch(config)# no cdp advertise v1
Related Commands
v1 CDP Version 1.
v2 CDP Version 2.
Command Description
show cdp global Displays the CDP configuration.
C Commands
cdp enable (global)
35
OL-20462-01
cdp enable (global)
To enable Cisco Discovery Protocol (CDP) globally on all interfaces and port channels, use the cdp
enable command. To disable CDP globally, use the no form of this command.
cdp enable
no cdp enable
Defaults Enabled on all interfaces and port channels
Command History
Usage Guidelines CDP can only be configured on physical interfaces and port channels.
Examples This example shows how to enable CDP globally and then show the CDP configuration:
n1000v# config t
n1000v(config)# cdp enable
n1000v(config)# show cdp global
Global CDP information:
CDP enabled globally
Refresh time is 60 seconds
Hold time is 180 seconds
CDPv2 advertisements is enabled
DeviceID TLV in System-Name(Default) Format
This example shows how to disable CDP globally and then show the CDP configuration:
switch(config)# no cdp enable
n1000v# show cdp global
CDP disabled globally
Refresh time is 60 seconds
Hold time is 180 seconds
CDPv2 advertisements is enabled
DeviceID TLV in System-Name(Default) Format
n1000v(config)#
C Commands
cdp enable (global)
36
OL-20462-01
show cdp global Displays the CDP configuration.
cdp enable (interface or
port channel)
Enables CDP on an interface or port channel.
C Commands
cdp enable (interface or port channel)
37
OL-20462-01
To enable Cisco Discovery Protocol (CDP) on an interface or port channel, use the cdp enable
command. To disable it, use the no form of this command.
cdp enable
no cdp enable
Defaults None
Command History
Usage Guidelines CDP can only be configured on physical interfaces and port channels.
Examples This example shows how to enable CDP on port channel 2:
n1000v# config t
n1000v(config)# interface port-channel2
n1000v(config-if)# cdp enable
n1000v(config-if)#
This example shows how to disable CDP on mgmt0:
n1000v# config t
n1000v(config)# interface mgmt0
n1000v(config-if)# no cdp enable
n1000v(config-if)# show cdp interface mgmt0
mgmt0 is up
CDP disabled on interface
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
n1000v(config-if)#
C Commands
38
OL-20462-01
show cdp interface Displays the CDP configuration for an interface.
show cdp neighbors Displays your device from the upstream device.
cdp advertise Assigns the CPD version the interface will advertiseCDP Version 1 or
CDP Version 2.
cdp format device ID Assigns the CDP device ID
cdp holdtime Sets the maximum amount of time that CDP holds onto neighbor
information before discarding it.
C Commands
cdp format device-id
39
OL-20462-01
To specify the device ID format for CDP, use the cdp format device-id command. To remove it, use the
no form of this command.
cdp format device-id {mac-address | serial-number | system-name}
no cdp format device-id {mac-address | serial-number | system-name}
Syntax Description
Defaults System name/Fully Qualified Domain Name
Command History
Usage Guidelines CDP must be enabled globally before you configure the device ID format.
You can configure CDP on physical interfaces and port channels only.
Examples This example shows how to configure the CDP device ID with the MAC address format and then display
the configuration:
switch(config)# cdp format device-id mac-address
switch(config)# show cdp global
Sending a holdtime value of 10 seconds
Sending CDPv2 advertisements is disabled
Sending DeviceID TLV in Mac Address Format
This example shows how to remove the CDP device ID MAC address format from the configuration:
switch(config)# no cdp format device-id mac-address
mac-address MAC address of the Chassis.
serial-number Chassis serial number.
system-name System name/Fully Qualified Domain Name (Default).
C Commands
40
OL-20462-01
show cdp global Displays CDP global configuration parameters.
show cdp interface Displays the CDP configuration for an interface.
show cdp neighbors Displays your device from the upstream device.
cdp advertise Assigns the CPD version the interface will advertiseCDP Version 1 or
CDP Version 2.
cdp enable interface Enables CDP on an interface or port channel.
cdp holdtime Sets the maximum amount of time that CDP holds onto neighbor
information before discarding it.
C Commands
cdp holdtime
41
OL-20462-01
cdp holdtime
To do set the maximum amount of time that CDP holds onto neighbor information before discarding it,
use the cdp holdtime command. To remove the CDP holdtime configuration, use the no form of this
command.
cdp holdtime seconds
no cdp holdtime seconds
Syntax Description
Defaults 180 seconds
Command History
Usage Guidelines CDP must be enabled globally before you configure the device ID format.
You can configure CDP on physical interfaces and port channels only.
Examples This example shows how to set the CDP holdtime to 10 second:
switch(config)# cdp holdtime 10
This example shows how to remove the CDP holdtime configuration:
switch(config)# no cdp holdtime 10
Related Commands
seconds The range is from 10 to 255 seconds.
Command Description
show cdp neighbors Displays the upstream device from your device.
C Commands
cdp timer
42
OL-20462-01
cdp timer
To set the refresh time for CDP to send advertisements to neighbors, use the cdp timer command. To
remove the CDP timer configuration, use the no form of this command.
cdp timer seconds
no cdp timer seconds
Syntax Description
Defaults 60 seconds
Command History
Usage Guidelines
Examples This example shows how to configure the CDP timer to 10 seconds:
switch(config)# cdp timer 10
This example shows how to remove the CDP timer configuration:
switch(config)# no cdp timer 10
Related Commands
seconds The range is from 5 to 254 seconds.
Command Description
show cdp neighbors Displays the upstream device from your device.
C Commands
channel-group auto (port profile)
43
OL-20462-01
To create and define a channel group for all interfaces that belong to a port profile, use the
channel-group auto command. To remove the channel group, use the no form of this command.
channel-group auto [mode channel_mode] [sub-group {cdp | manual}] [mac-pinning]
no channel-group
Syntax Description
Defaults None
Command Modes Port profile configuration (config-port-prof)
Command History
Usage Guidelines The channel-group auto command creates a unique port channel for all interfaces that belong to the
same module. The channel group is automatically assigned when the port profile is assigned to the first
interface. Each additional interface that belongs to the same module is added to the same port channel.
In VMware environments, a different port channel is created for each module.
The channel group mode must be set to on when configuring vPC-HM.
When configuring a port channel for a port profile that connects to two or more upstream switches,
note the following:
mode
channel_mode
(Optional) Specifies a channeling mode:
on
active (uses LACP)
passive (uses LACP)
sub-group (Optional) Specifies to create subgroups for managing the traffic flow when the port
profile connects to multiple upstream switches. The feature is also called virtual port
channel host mode (vPC-HM).
cdp Specifies to create subgroups using Cisco Discovery Protocol (CDP).
manual Specifies to create subgroups manually.
mac-pinning (Optional) Specifies to attach VEMs to an upstream switch that does not support
port-channels. There are a maximum of 32 subgroups per port channel, so a
maximum of 32 Ethernet port members can be assigned.
4.0(4)SV1(2) Support for manual creation of subgroups and mac-pinning.
C Commands
44
OL-20462-01
You need to know whether CDP is configured in the upstream switches.
If configured, CDP creates a subgroup for each upstream switch to manage its traffic separately.
If not configured, then you must manually configure subgroups to manage the traffic flow on
the separate switches.
When configuring a port channel for vPC-HM and the upstream switches do not support port
channels, you can use MAC pinning, which will automatically assign each Ethernet member
port to a unique sub-group.
If vPC-HM is not configured when port channels connect to two different upstream switches,
the VMs behind the Cisco Nexus 1000V receive duplicate packets from the network for
broadcasts and multicasts.
You can also configure vPC-HM on the interface. For more information, see the Cisco Nexus
1000V Interface Configuration Guide, Release 4.0(4)SV1(2).
Examples This example shows how to configure a port profile for a port channel that connects to a single upstream
switch and then display the configuration:
n1000v# config t
n1000v(config)# port-profile AccessProf
n1000v(config-port-prof)# channel-group auto mode on
n1000v(config-port-prof)# show port-profile name AccessProf
port-profile AccessProf
description: allaccess4
status: disabled
capability uplink: yes
port-group: AccessProf
config attributes:
switchport mode access
channel-group auto mode on
evaluated config attributes:
assigned interfaces:
This example shows how to remove the channel group configuration from the port profile and then
display the configuration:
n1000v# config t
n1000v(config)# port-profile AccessProf
n1000v(config-port-prof)# no channel-group
n1000v(config-port-prof)# show port-profile name AccessProf
port-profile AccessProf
description: allaccess4
status: disabled
capability uplink: yes
port-group: AccessProf
config attributes:
C Commands
45
OL-20462-01
This example shows how to configure a port profile for a port channel that connects to multiple upstream
switches that have CDP enabled and then display the configuration:
n1000v# config t
n1000v(config)# port-profile uplinkProf
n1000v(config-port-prof)# channel-group auto mode on sub-group cdp
n1000v(config-port-prof)# show port-profile name uplinkProf
port-profile uplinkProf
description:
type: vethernet
status: disabled
capability l3control: no
pinning control-vlan: -
pinning packet-vlan: -
system vlans: none
port-group:
max ports: 32
inherit:
config attributes:
channel-group auto mode on sub-group cdp
channel-group auto mode on sub-group cdp
show port-profile
name profile-name
port-profile
profile-name
Creates a port profile and places you into global configuration mode for the
named port profile.
C Commands
channel-group (interface)
46
OL-20462-01
To create a port channel group or to move an interface from one port channel group to another, use the
channel-group command. To remove the channel group configuration from an interface, use the no form
of this command.
channel-group number [force] [mode {active | on | passive}]
no channel-group [number]
Syntax Description
Defaults The default mode is on.
number Number of the channel group. The maximum number of port channels that can
be configured is 256. The allowable range of channel group numbers that can
be assigned is from 1 to 4096.
force Forces the interface to join the channel group, although some parameters are
not compatible. See Usage Guidelines below for information about the
compatibility parameters and which ones can be forced.
mode Specifies the port channel mode of the interface.
on This is the default channel mode.
All port channels that are not running LACP remain in this mode. If you
attempt to change the channel mode to active or passive before enabling
LACP, the device returns an error message.
After you enable LACP globally, you enable LACP on each channel by
configuring the channel mode as either active or passive. An interface in this
mode does not initiate or respond to LACP packets. When an LACP attempts
to negotiate with an interface in the on state, it does not receive any LACP
packets and becomes an individual link with that interface; it does not join the
channel group.
active Specifies that when you enable the Link Aggregation Control Protocol
(LACP), this command enables LACP on the specified interface. Interface is
in active negotiating state, in which the port initiates negotiations with other
ports by sending LACP packets.
passive Specifies that when you enable LACP, this command enables LACP only if an
LACP device is detected.The interface is in a passive negotiation state, in
which the port responds to LACP packets that it receives but does not initiate
LACP negotiation.
C Commands
47
OL-20462-01
Command History
Usage Guidelines A port channel in the on channel mode is a pure port channel and can aggregate a maximum of eight
ports. It does not run LACP.
If an existing port channel is not running LACP you cannot change the mode for it or any of its
interfaces. If you try to do so, the channel mode remains on and an error message is generated.
When you delete the last physical interface from a port channel, the port channel remains. To delete the
port channel completely, use the no form of the port-channel command.
When an interface joins a port channel, the following attributes are removed and replaced with the those
of the port channel:
Bandwidth
Delay
Extended Authentication Protocol over UDP
VRF
IP address
MAC address
Spanning Tree Protocol
NAC
Service policy
Quality of Service (QoS)
ACLs
The following attributes remain unaffected when an interface joins or leaves a port channel:
Beacon
Description
CDP
LACP port priority
Debounce
UDLD
MDIX
Rate mode
Shutdown
SNMP trap
You do not have to create a port channel interface before you assign a physical interface to a channel
group. A port channel interface is created automatically when the channel group gets its first physical
interface, if it is not already created.
C Commands
48
OL-20462-01
Examples This example shows how to add an interface to LACP channel group 5 in active mode:
switch(config-if)# channel-group 5 mode active
switch(config-if)#
show interface
port-channel
Displays information about the traffic on the specified port channel
interface.
show port-channel
summary
Displays information on the port channels.
feature lacp Enables the LACP feature globally
show lacp
port-channel
Displays LACP information.
show port-channel
compatibility-paramet
ers
Displays the list of compatibility checks that the Cisco Nexus 1000V uses.
C Commands
check logflash
49
OL-20462-01
check logflash
To check the compactFlash, use the check logflash command.
check logflash [bad-blocks]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to check compactFlash:
switch# check logflash
bad-blocks (Optional) Finds bad blocks in compactFlash.
C Commands
class (policy map type qos)
50
OL-20462-01
To add an existing Quality of Service (QoS) class to a policy map, use the class command. To remove
a QoS class from a policy map, use the no form of this command.
class [type qos] {class-map-name | class-default} [insert-before [type qos]
before-class-map-name]
no class {class-map-name | class-default}
Syntax Description
Defaults type QoS
The default is to reference a new class map at the end of the policy map.
The class named class-default matches all traffic not classified in other classes.
Command Modes Policy Map Configuration (config-pmap)
Usage Guidelines Policy actions in the first class that matches the traffic type are performed.
The class named class-default matches all traffic not classified in other classes.
Examples This example shows how to add a class map in sequence to the end of a policy map:
switch(config)# policy-map my_policy1
switch(config-pmap)# class traffic_class2
switch(config-pmap-c-qos)#
type qos (Optional) Specifies the class type to be QoS. QoS is the default class type.
class-map-name Adds the specified name of an existing class to the policy map.
class-default Adds the class-default to a policy map. The class-default matches all traffic
not classified in other classes.
insert-before
before-class-map-name
(Optional) Specifies the sequence of this class in the policy by identifying
the class map it should precede. If not specified, the class is placed at the
end of the list of classes in the policy. Policy actions in the first class that
matches the traffic type are performed.
C Commands
51
OL-20462-01
This example shows how to insert a class map in sequence before an existing class map in a policy map:
switch(config-pmap-qos)# class insert-before traffic_class2 traffic_class1
This example shows how to add the class-default class map to a policy map:
switch(config-pmap-qos)# class class-default
This example shows how to remove a class map reference from a policy map:
switch(config-pmap)# no class traffic_class1
switch(config-pmap)#
policy-map Creates or modifies a policy map.
set cos Assigns a CoS to a QoS policy map.
set dscp Assigns a DSCP value for a traffic class in a QoS policy map.
set precedence Assigns a precedence value for the IP headers in a specific traffic class in a
QoS policy map.
set discard-class Assigns a discard-class value for a class of traffic in a QoS policy map.
show class-map qos Displays class maps.
show policy-map Displays policy maps and statistics.
C Commands
class-map type qos
52
OL-20462-01
class-map type qos
To create or modify a class map that defines a class of traffic, use the class-map command. To remove
a class map, use the no form of this command.
class-map [type qos] {match-any | match-all] class-map-name}
no class-map [type qos] {class-map-name | [match-any | match-all]}
Syntax Description
Defaults type QoS
match-all
Usage Guidelines Hyphen, underscore, and alphabetic characters are allowed in the class map name.
Forty characters are the maximum allowed in the class map name.
Characters in the class map name are case sensitive.
Examples This example shows how to create a class map and enter the QoS Class Map Configuration mode to
configure the specified map:
switch(config)# class-map my_class1
switch(config-cmap-qos)#
This example shows how to remove the QoS class map named my_class1:
switch(config)# no class-map my_class1
switch(config)#
type qos (Optional) Specifies the component type QoS for the class map. By default,
the class map type is QoS.
match-any Specifies that if the packet matches any of the matching criteria configured
for this class map, then this class map is applied to the packet.
match-all Specifies that if the packet matches all the matching criteria configured for
this class map, then this class map is applied to the packet. This is the default
action if match-any is not specified.
class-map-name Name assigned to the class map. The name class-default is reserved.
C Commands
class-map type qos
53
OL-20462-01
show class-map qos Displays class maps.
match class-map Configures the traffic class by matching packets based on match criteria in
another class map.
match packet length Configures the traffic class by matching packets based on packet lengths.
C Commands
clear access-list counters
54
OL-20462-01
clear access-list counters
To clear the counters for IP and MAC access control list(s) (ACLs), use the clear access-list counters
command.
clear access-list counters [access-list-name]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you specify an ACL, the name can be up to 64 alphanumeric, case-sensitive characters.
Examples This example shows how to clear counters for all IP and MAC ACLs:
switch# clear access-list counters
switch#
This example shows how to clear counters for an IP ACL named acl-ip-01:
switch# clear access-list counters acl-ip-01
switch#
Related Commands
access-list-name (Optional) Name of the ACL whose counters the device clears. The name can be
up to 64 alphanumeric, case-sensitive characters.
Command Description
clear ip access-list
counters
Clears counters for IP ACLs.
clear mac access-list
counters
Clears counters for MAC ACLs.
show access-lists Displays information about one or all IP and MAC ACLs.
C Commands
clear accounting log
55
OL-20462-01
To clear the accounting log, use the clear accounting log command.
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to clear the accounting log:
switch# clear accounting log
Related Commands
Command Description
show accounting log Displays the accounting log contents.
C Commands
clear cdp
56
OL-20462-01
clear cdp
To clear Cisco Discovery Protocol(CDP) information on an interface, use the clear cdp command.
clear cdp {counters [interface slot/port] | table [interface slot/port]}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to clear CDP counters on all interfaces:
n1000V# clear cdp counters
This example shows how to clear CDP cache on all interfaces:
n1000V# clear cdp table
Related Commands
counters Clear CDP counters on all interfaces.
interface
slot/port
(Optional) Clear CDP counters on a specified interface .
table Clear CDP cache on all interfaces.
Command Description
show cdp all Displays all interfaces that have CDP enabled.
show cdp entry Displays the CDP database entries
show cdp global Displays the CDP global parameters.
show cdp interface
intrface-type slot-port
Displays the CDP interface status
C Commands
clear cli history
57
OL-20462-01
clear cli history
To clear the history of commands you have entered into the CLI, use the clear cli history command.
clear cli history
Defaults None
Command Modes Any
Command History
Usage Guidelines Use the show cli history command to display the history of the commands that you entered at the
command-line interface (CLI).
Examples This example shows how to clear the command history:
switch# clear cli history
Related Commands
Command Description
show cli history Displays the command history.
C Commands
clear cores
58
OL-20462-01
clear cores
To clear the core files, use the clear cores command.
clear cores [archive]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines Use the show system cores command to display information about the core files.
Examples This example shows how to clear the core file:
switch# clear cores
This example shows how to clear the core on the logflash filesystem:
switch# clear cores archive
Related Commands
archive (Optional) Clears the core file on the logflash filesystem.
Command Description
show system cores Displays the core filename.
system cores Configures the core filename.
C Commands
clear counters
59
OL-20462-01
clear counters
To clear interface counters, use the clear counters command.
clear counters [ interface {all | ethernet slot/port | loopback virtual-interface-number | mgmt |
port-channel port-channel-number | vethernet interface-number} ]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to clear the Ethernet interface counters:
switch(config)# clear counters ethernet 2/1
Related Commands
interface Clears interface counters.
all Clears all interface counters.
ethernet slot/port Clears Ethernet interface counters. The range is 1 to 66.
loopback
virtual-interface-number
Clears loopback interface counters. The range is 0 to 1023.
mgmt Clears the mangement interface (mgmt0).
port-channel
port-channel-number
Clears port-channel interfaces. The range is 1 to 4096.
vethernet
interface-number
Clears virtual Ethernel interfaces. The range is 1 to 1048575.
Command Description
show interface
counters
Displays the interface status, which includes the counters.
C Commands
clear debug-logfile
60
OL-20462-01
clear debug-logfile
To clear the contents of the debug logfile, use the clear debug-logfile command.
clear debug-logfile filename
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to clear the debug logfile:
switch# clear debug-logfile syslogd_debugs
Related Commands
filename Name of the debug logfile to clear.
Command Description
debug logfile Configures a debug logging file.
debug logging Enable debug logging.
show debug logfile Displays the contents of the debug logfile.
C Commands
clear flow exporter
61
OL-20462-01
clear flow exporter
To clear the statistics for a Flexible NetFlow flow exporter, use the clear flow exporter command in
Any.
clear flow exporter {name exporter-name | exporter-name}
Syntax Description
Command Default None
Command Modes Any
Command History
Usage Guidelines You must have already enabled traffic monitoring with Flexible NetFlow using an exporter before you
can use the clear flow exporter command.
Examples The following example clears the statistics for the flow exporter named NFC-DC-PHOENIX:
switch# clear flow exporter name NFC-DC-PHOENIX
switch#
Related Commands
name Indicates that a flow exporter will be specified by name.
exporter-name Name of an existing flow exporter.
Command Description
clear flow exporter Clears the statistics for exporters.
flow exporter Creates a flow exporter.
show flow exporter Displays flow exporter status and statistics.
C Commands
clear ip access-list counters
62
OL-20462-01
clear ip access-list counters
To clear the counters for IP access control lists (ACLs), use the clear ip access-list counters command.
clear ip access-list counters [access-list-name]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If specifying an ACL by name, it can be up to 64 alphanumeric, case-sensitive characters.
Examples This example shows how to clear counters for all IP ACLs:
switch# clear ip access-list counters
switch#
This example shows how to clear counters for an IP ACL named acl-ip-101:
switch# clear ip access-list counters acl-ip-101
switch#
Related Commands
access-list-name (Optional) Name of the IP ACL whose counters you want cleared. The name can
be up to 64 alphanumeric, case-sensitive characters.
Command Description
clear access-list counters Clears counters for IP and MAC ACLs.
clear mac access-list
counters
Clears counters for MAC ACLs.
show ip access-lists Displays information about one or all IP ACLs.
C Commands
clear ip arp inspection statistics vlan
63
OL-20462-01
clear ip arp inspection statistics vlan
To clear the Dynamic ARP Inspection (DAI) statistics for a specified VLAN, use the clear ip arp
inspection statistics vlan command.
clear ip arp inspection statistics vlan vlan-list
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to clear the DAI statistics for VLAN 2:
n1000v# clear ip arp inspection statistics vlan 2
n1000v#
This example shows how to clear the DAI statistics for VLANs 5 through 12:
n1000v# clear ip arp inspection statistics vlan 5-12
n1000v#
This example shows how to clear the DAI statistics for VLAN 2 and VLANs 5 through 12:
n1000v# clear ip arp inspection statistics vlan 2,5-12
n1000v#
Related Commands
vlan-list Range of VLAN IDs from 1 to 4094 that you can clear DAI statistics from.
Command Description
ip arp inspection vlan Enables or disables DAI for a list of VLANs.
show ip arp inspection
statistics
Displays the DAI statistics.
C Commands
clear ip igmp interface statistics
64
OL-20462-01
clear ip igmp interface statistics
To clear the IGMP statistics for an interface, use the clear ip igmp interface statistics command.
clear ip igmp interface statistics [if-type if-number]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to clear IGMP statistics for an interface:
switch# clear ip igmp interface statistics ethernet 2/1
switch#
Related Commands
if-type (Optional) Interface type. For more information, use the question mark (?) online
help function.
if-number (Optional) Interface number.
Command Description
show ip igmp interface Displays information about IGMP interfaces.
C Commands
clear ip igmp snooping statistics vlan
65
OL-20462-01
clear ip igmp snooping statistics vlan
To clear the IGMP snooping statistics for VLANs, use the clear ip igmp snooping statistics vlan
command.
clear ip igmp snooping statistics vlan {vlan-id | all}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to clear IGMP snooping statistics for VLAN 1:
switch# clear ip igmp snooping statistics vlan 1
switch#
Related Commands
vlan-id VLAN number. The range is from 1 to 3967 and 4048 to 4093.
all Applies to all VLANs.
Command Description
show ip igmp snooping
statistics vlan
Displays IGMP snooping statistics by VLAN.
C Commands
clear lacp counters
66
OL-20462-01
clear lacp counters
To clear the statistics for all interfaces for Link Aggregation Control Protocol (LACP) groups, use the
clear lacp counters command.
clear lacp counters [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you clear counters for a specific port channel, the allowable port channel numbers are from 1 to 4096.
If you do not specify a channel number, the LACP counters for all LACP port groups are cleared.
If you clear counters for a static port-channel group, without the aggregation protocol enabled, the
device ignores the command.
Examples This example shows how to clear all the LACP counters:
switch(config)# clear lacp counters
switch(config) #
This example shows how to clear all LACP counters for the LACP port-channel group 20:
switch(config)# clear lacp counters interface port-channel 20
switch(config)#
Related Commands
channel-number (Optional) LACP port-channel number. The range of values is from 1 to 4096.
Command Description
show lacp counters Displays information about LACP statistics.
C Commands
clear license
67
OL-20462-01
clear license
To uninstall a license file from a VSM, or to uninstall an evaluation license before installing a permanent
license, use the clear license command.
clear license filename
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If a license is in use, you cannot uninstall it. Before uninstalling the license file, all licenses must first
be transferred from the VEMs to the VSM license pool.
Caution Service Disruption
When you uninstall a license file from a VSM, the vEthernet interfaces on the VEMs are removed from
service and the traffic flowing to them from virtual machines is dropped. This traffic flow is not resumed
until you add a new license file with licenses for the VEMs. We recommend notifying the server
administrator that you are uninstalling a license and that this will cause the vEthernet interfaces to shut
down.
Examples This example shows how to remove the Enterprise.lic license file from a VSM:
switch# clear license Enterprise.lic
Clearing license Enterprise.lic:
SERVER this_host ANY
VENDOR cisco
Do you want to continue? (y/n) y
Clearing license ..done
switch#
filename Name of the license file to be uninstalled.
C Commands
clear license
68
OL-20462-01
show license Displays license information.
install license Installs a license file(s) on a VSM
svs license transfer
src-vem
Transfers licenses from a source VEM to another VEM, or to the VSM
pool of available licenses.
C Commands
clear line
69
OL-20462-01
clear line
To end a session on a specified vty, use the clear line command.
clear line word
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to end a session on a specified vty:
switch(config)# clear line
Related Commands
word Specifies the vty name.
Command Description
show users Displays active user sessions.
C Commands
clear logging logfile
70
OL-20462-01
Use the clear logging logfile command to clear messages from the logging file.
Defaults None
Command Modes Any
Supported User Roles Super user
Command History
Usage Guidelines
Examples This example shows how to clear messages from the logging file:
switch# clear logging logfile
switch#
Related Commands
Command Description
show logging logfile Displays the logs in the local log file.
C Commands
clear logging session
71
OL-20462-01
Use the clear logging session command to clear the current logging session.
Defaults None
Command Modes Any
Supported User Roles Super user
Command History
Usage Guidelines
Examples This example shows how to clear the current logging session:
switch# clear logging session
switch#
Related Commands
Command Description
show logging session Displays logging session status
C Commands
clear mac access-list counters
72
OL-20462-01
clear mac access-list counters
To clear the counters for MAC access control lists (ACLs), use the clear mac access-list counters
command.
clear mac access-list counters [access-list-name]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you want counters cleared for a specific MAC ACL, the name can be up to 64 alphanumeric,
case-sensitive characters.
Examples This example shows how to clear counters for all MAC ACLs:
switch# clear mac access-list counters
switch#
This example shows how to clear counters for a MAC ACL named acl-mac-0060:
switch# clear mac access-list counters acl-mac-0060
switch#
Related Commands
access-list-name (Optional) Name of the MAC ACL whose counters you want to clear. The name
can be up to 64 alphanumeric, case-sensitive characters.
Command Description
clear access-list counters Clears counters for IP and MAC ACLs.
clear ip access-list
counters
Clears counters for IP ACLs.
show mac access-lists Displays information about one or all MAC ACLs.
C Commands
clear mac address-table dynamic
73
OL-20462-01
To clear the dynamic address entries from the MAC address table in Layer 2, use the clear mac
address-table dynamic command.
clear mac address-table dynamic [[address mac_addr] [vlan vlan_id] [interface {type slot/port |
port-channel number}]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines Use the clear mac address-table dynamic command with no arguments to remove all dynamic entries
from the table.
To clear static MAC addresses from the table, use the no mac address-table static command.
If the clear mac address-table dynamic command is entered with no options, all dynamic addresses are
removed. If you specify an address but do not specify an interface, the address is deleted from all
interfaces. If you specify an interface but do not specify an address, the device removes all addresses on
the specified interfaces.
Examples This example shows how to clear all the dynamic Layer 2 entries from the MAC address table:
switch(config)# clear mac address-table dynamic
switch(config) #
This example shows how to clear all the dynamic Layer 2 entries from the MAC address table for VLAN
20 on port 2/20:
address
mac_addr
(Optional) Specifies the MAC address to remove from the table. Use the
format XXXX.XXXX.XXXX.
vlan vlan_id (Optional) Specifies the VLAN from which the MAC address should be
removed from the table. The range of valid values is from 1 to 4094.
interface {type
slot/port |
port-channel
number}]
(Optional) Specifies the interface. Use either the type of interface, the slot
number, and the port number, or the port-channel number.
C Commands
74
OL-20462-01
switch(config)# clear mac address-table dynamic vlan 20 interface ethernet 2/20
switch(config)#
show mac
address-table
Displays the information about the MAC address table.
C Commands
clear ntp statistics
75
OL-20462-01
clear ntp statistics
To clear the Network Time Protocol statistics, use the clear ntp statistics command.
clear ntp statistics {all-peers | io | local | memory}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to clear statistics for all NTP peers:
switch(config)# clear ntp statistics all-peers
Related Commands
all-peers Clear statistics for all NTP peers.
io Clear IO statistics.
local Clear local statistics.
memory Clear memory statistics.
Command Description
show ntp peers Displays information about NTP peers.
C Commands
clear port-security
76
OL-20462-01
clear port-security
To clear dynamically-learned, secure MAC address(es), use the clear port-security command.
clear port-security {dynamic} {interface vethernet veth-number | address address} [vlan
vlan-id]
Syntax Description
Defaults dynamic
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to remove dynamically learned, secure MAC addresses from the veth1
interface:
switch# config t
switch(config)# clear port-security dynamic interface veth 1
This example shows how to remove the dynamically learned, secure MAC address 0019.D2D0.00AE:
switch# config t
switch(config)# clear port-security dynamic address 0019.D2D0.00AE
Related Commands
dynamic Specifies that you want to clear dynamically-learned, secure MAC addresses.
interface
vethernet
veth-number
Specifies the interface of the dynamically learned, secure MAC addresses that
you want to clear.
address address Specifies a single MAC address to be cleared, where address is the MAC address.
vlan vlan-id Specifies the VLAN of the secure MAC addresses to be cleared. Valid VLAN IDs
are from 1 to 4096.
C Commands
clear port-security
77
OL-20462-01
Command Description
debug port-security Provides debugging information for port security.
show port-security Shows information about port security.
switchport port-security Enables port security on a Layer 2 interface.
C Commands
clear qos statistics
78
OL-20462-01
clear qos statistics
To clear the counters for QoS statistics, use the clear qos statistics command.
clear qos statistics {interface [ethernet type/slot | vethernet number | port-channel number] }
[input type qos | output type qos]}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines If you do not specify an interface, the counters are cleared for all interfaces.
Examples This example shows how to clear QoS statistics for all interfaces:
switch# clear qos statistics
switch#
This example shows how to clear all input QoS statistics for veth2:
switch# clear qos statistics veth2 input type qos
switch#
Related Commands
interface (Optional) Identifies a specific interface for which to clear statistics.
input type qos (Optional) Clears only input QoS statistics.
output type qos (Optional) Clears only output QoS statistics.
Command Description
qos statistics Enables or disables QoS statistics.
show qos statistics Displays QoS statistics.
C Commands
clear ssh hosts
79
OL-20462-01
clear ssh hosts
To clear the Secure Shell (SSH) host sessions, use the clear ssh hosts command.
clear ssh hosts
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to clear all SSH host sessions:
switch# clear ssh hosts
Related Commands
Command Description
ssh server enable Enables the SSH server.
C Commands
clear system reset-reason
80
OL-20462-01
To clear the device reset-reason history, use the clear system reset-reason command.
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to clear reset-reason history:
switch# clear system reset-reason
Related Commands
Command Description
show system reset-reason Displays the device reset-reason history.
C Commands
clear user
81
OL-20462-01
clear user
To clear a user session, use the clear user command.
clear user user-id
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines Use the show users command to display the current user sessions on the device.
Examples This example shows how to clear all SSH host sessions:
switch# clear user user1
Related Commands
user-id User identifier.
Command Description
show users Displays the user session information.
C Commands
cli var name
82
OL-20462-01
cli var name
To define a command line interface (CLI) variable for a terminal session, use the cli var name
command. To remove the CLI variable, use the no form of this command.
cli var name variable-name variable-text
cli no var name variable-name
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines You can reference a CLI variable using the following syntax:
$(variable-name)
Instances where you can use variables in include the following:
Command scripts
Filenames
You cannot reference a variable in the definition of another variable.
You can use the predefined variable, TIMESTAMP, to insert the time of day. You cannot change or
remove the TIMESTAMP CLI variable.
You must remove a CLI variable before you can change its definition.
Examples This example shows how to define a CLI variable:
switch# cli var name testinterface interface 2/3
variable-name Name of the variable. The name is alphanumeric, case sensitive, and has a
maximum of 31 characters.
variable-text Variable text. The text is alphanumeric, can contain spaces, and has a
C Commands
cli var name
83
OL-20462-01
This example shows how to reference the TIMESTAMP variable:
switch# copy running-config > bootflash:run-config-$(TIMESTAMP).cnfg
This example shows how to remove a CLI variable:
switch# cli no var name testinterface interface 2/3
show cli variables Displays the CLI variables.
C Commands
clock set
84
OL-20462-01
clock set
To manually set the clock, use the clock set command.
clock set time day month year
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines Use this command when you cannot synchronize your device with an outside clock source, such as NTP.
Examples This example shows how to manually set the clock:
switch# clock set 9:00:00 1 June 2008
Related Commands
time Time of day. The format is HH:MM:SS.
day Day of the month. The range is from 1 to 31.
month Month of the year. The values are January, February, March, April,
May, June, July, August, September, October, November, and
December.
year Year. The range is from 2000 to 2030.
Command Description
show clock Displays the clock time.
C Commands
clock summer-time
85
OL-20462-01
clock summer-time
To configure the summer-time (daylight saving time) offset, use the clock summer-time command. To
revert to the default, use the no form of this command.
clock summer-time zone-name start-week start-day start-month start-time end-week end-day
end-month end-time offset-minutes
no clock summer-time
Syntax Description
Defaults None
Command History
Usage Guidelines
zone-name Time zone string. The time zone string is a three-character string.
start-week Week of the month to start the summer-time offset. The range is from 1 to 5.
start-day Day of the month to start the summer-time offset. Valid values are Monday,
Tuesday, Wednesday, Thursday, Friday, Saturday, or Sunday.
start-month Month to start the summer-time offset. Valid values are January, February,
March, April, May, June, July, August, September, October, November, and
December.
start-time Time to start the summer-time offset. The format is hh:mm.
end-week Week of the month to end the summer-time offset. The range is from 1 to 5.
end-day Day of the month to end the summer-time offset. Valid values are Monday,
Tuesday, Wednesday, Thursday, Friday, Saturday, or Sunday.
end-month Month to end the summer-time offset. Valid values are January, February,
March, April, May, June, July, August, September, October, November, and
December.
end-time Time to end the summer-time offset. The format is hh:mm.
offset-minutes Number of minutes to offset the clock. The range is from 1 to 1440.
C Commands
clock summer-time
86
OL-20462-01
Examples This example shows how to configure the offset for summer-time or daylight saving time:
switch(config)# clock summer-time PDT 1 Sunday March 02:00 1 Sunday November 02:00 60
This example shows how to remove the summer-time offset:
switch(config)# no clock summer-time
show clock Displays clock summer-time offset configuration.
C Commands
clock timezone
87
OL-20462-01
clock timezone
To configure the time zone offset from Coordinated Universal Time (UTC), use the clock timezone
clock timezone zone-name offset-hours offset-minutes
no clock timezone
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to configure the time zone offset from UTC:
switch# clock timezone EST 5 0
This example shows how to remove the time zone offset:
switch# no clock timezone
Related Commands
zone-name Zone name. The name is a 3-character string for the time zone acronym (for
example, PST or EST).
offset-hours Number of hours offset from UTC. The range is from 23 to 23.
offset-minutes Number of minutes offset from UTC. The range is from 0 to 59.
Command Description
show clock Displays the clock time.
C Commands
collect counter
88
OL-20462-01
collect counter
To configure the number of bytes or packets in a flow as a non-key field and collect the number of bytes
or packets seen for a Flexible NetFlow flow record, use the collect counter command. To disable the
counters, use the no form of this command.
collect counter {bytes [long] | packets [long]}
no collect counter {bytes [long] | packets [long]}
Syntax Description
Command Default This command is not enabled by default.
Command Modes Flow Record Configuration
Command History
Usage Guidelines
Examples The following example enables collecting the total number of bytes from the flows as a non-key field:
switch(config)# flow record FLOW-RECORD-1
switch(config-flow-record)# collect counter bytes
The following example enables collecting the total number of bytes from the flows as a non-key field
using a 64 bit counter:
switch(config-flow-record)# collect counter bytes long
The following example enables collecting the total number of packets from the flows as a non-key field:
switch(config-flow-record)# collect counter packets
bytes Configures the number of bytes or packets seen in a flow as a non-key field
and enables collecting the total number of bytes from the flow.
long (Optional) Enables collecting the total number of bytes from the flow using
a 64 bit counter.
packets Configures the number of bytes seen in a flow as a non-key field and enables
collecting the total number of packets from the flow.
C Commands
collect counter
89
OL-20462-01
The following example enables collecting the total number of packets from the flows as a non-key field
using a 64 bit counter:
switch(config-flow-record)# collect counter packets long
collect counter Configures the counters as a non-key field and collects the counter values.
flow record Creates a flow record.
show flow record Displays flow record status and statistics.
C Commands
collect timestamp sys-uptime
90
OL-20462-01
To collect the TIMESTAMP SYS-UPTIME for a NetFlow flow record, use the
collect timestamp sys-uptime command. To disable the collection, use the no form of this command.
collect timestamp sys-uptime {first | last}
no collect timestamp sys-uptime {first | last}
Syntax Description
Command History
Usage Guidelines
Examples The following example enables collecting the sys-uptime for the time the first packet was seen from the
flows:
switch(config-flow-record)# collect timestamp sys-uptime first
The following example enables collecting the sys-uptime for the time the most recent packet was seen
from the flows:
switch(config-flow-record)# collect timestamp sys-uptime last
first Configures the sys-uptime for the time the first packet was seen from the
flows as a non-key field and enables collecting time stamps based on the
sys-uptime for the time the first packet was seen from the flows.
last Configures the sys-uptime for the time the last packet was seen from the
flows as a non-key field and enables collecting time stamps based on the
sys-uptime for the time the most recent packet was seen from the flows.
C Commands
91
OL-20462-01
C Commands
collect transport tcp flags
92
OL-20462-01
To collect a Transmission Control Protocol (TCP) flags for a NetFlow flow record, use the
collect transport tcp flags command. To disable the collection, use the no form of this command.
no collect transport tcp flags
Syntax Description This command has no arguments or keywords
Command History
Usage Guidelines
Examples The following example collects the TCP flags:
switch(config-flow-record)# collect transport tcp flags
Related Commands
Command Description
C Commands
configure terminal
93
OL-20462-01
configure terminal
To access configuration commands in the CLI Global Configuration mode, use the configure terminal
command.
configure terminal
Defaults None
Command Modes Any
Command History
Usage Guidelines The configuration changes you make in the Global Configuration mode are saved in the running
configuration file. To save these changes persistently across reboots and restarts, you must copy them
to the startup configuration file using the copy running-config startup-config command.
Examples This example shows how to access configuration commands in the CLI Global Configuration mode:
switch(config)#
Related Commands
Command Description
where Displays the current configuration mode context.
pwd Displays the name of the present working directory.
copy run start Saves the running configuration persistently through reboots and restarts
by copying it to the startup configuration.
C Commands
connect
94
OL-20462-01
connect
To initiate a connection with vCenter, use the connect command. To disconnect from vCenter, use the
connect
no connect
Defaults no connect
Command Modes SVS Connect Configuration (config-svs-conn)
Command History
Usage Guidelines Upon connection to vCenter, if a username and password have not been configured for this connection,
you are prompted to enter them.
There can be only one active connection at a time. If a previously-defined connection is up, an error
message displays and the connect command is rejected until the previous connection is closed by
entering no connect.
Examples This example shows how to connect to vCenter:
switch(config#) svs connection vcWest
switch(config-svs-conn#) protocol vmware-vim
switch(config-svs-conn#) remote hostname vcMain
switch(config-svs-conn#) vmware dvs datacenter-name HamiltonDC
switch(config-svs-conn#) connect
This example shows how to disconnect from vCenter:
switch(config#) svs connection vcWest
switch(config-svs-conn#) no connect
Related Commands
Command Description
show svs connections Displays the current connections to the Cisco Nexus 1000V.
C Commands
control vlan
95
OL-20462-01
control vlan
To assign a control VLAN to the Cisco Nexus 1000V domain, use the control vlan command. To remove
the control VLAN, use the no form of this command.
control vlan number
no control vlan
Syntax Description
Defaults None
Command Modes SVS Domain Configuration (config-svs-domain)
Command History
Usage Guidelines Newly-created VLANs remain unused until Layer 2 ports are assigned to them.
If you enter a VLAN ID that is assigned to an internally allocated VLAN, the CLI returns an error
message.
Examples This example shows how to configure control VLAN 70 for domain ID 32:
switch# config t
switch(config)# svs-domain
switch(config-svs-domain)# domain id 32
switch(config-svs-domain)# control vlan 70
switch(config-svs-domain)#
This example shows how to remove control VLAN 70 from domain ID 32:
switch# config t
switch(config-svs-domain)# domain id 32
switch(config-svs-domain)# no control vlan 70
number control VLAN number.
C Commands
control vlan
96
OL-20462-01
show vlan-id Displays the configuration for the specified VLAN.
svs-domain Creates the domain and places you into CLI SVS Domain Configuration
mode.
domain id Assigns a domain ID to the domain.
packet vlan Assigns a packet VLAN to the domain.
show svs-domain Displays the domain configuration.
C Commands
copy
97
OL-20462-01
copy
To copy a file from a source to a destination, use the copy command.
copy source-url destination-url
Syntax Description
The format of the source and destination URLs varies according to the file or directory location. You
may enter either a command-line interface (CLI) variable for a directory or a filename that follows the
Cisco NX-OS file system syntax (filesystem:[/directory][/filename]).
The following tables list URL prefix keywords by the file system type. If you do not specify a URL
prefix keyword, the device looks for the file in the current directory.
Table 1 lists URL prefix keywords for bootflash and remote writable storage file systems.
source-url Location URL (or variable) of the source file or directory to be copied. The
source can be either local or remote, depending upon whether the file is being
downloaded or uploaded.
destination-url Destination URL (or variable) of the copied file or directory. The destination
can be either local or remote, depending upon whether the file is being
downloaded or uploaded.
Table 1 URL Prefix Keywords for Storage File Systems
Keyword Source or Destination
bootflash:[//module/] Source or destination URL for boot flash memory. The module argument
value is sup-active, sup-local, sup-remote, or sup-standby.
ftp: Source or destination URL for a FTP network server. The syntax for this
alias is as follows:
ftp:[//server][/path]/filename
scp: Source or destination URL for a network server that supports Secure Shell
(SSH) and accepts copies of files using the secure copy protocol (scp). The
syntax for this alias is as follows:
scp:[//[username@]server][/path]/filename
sftp: Source or destination URL for an SSH FTP (SFTP) network server. The
syntax for this alias is as follows:
sftp:[//[username@]server][/path]/filename
tftp: Source or destination URL for a TFTP network server. The syntax for this
alias is as follows:
tftp:[//server[:port]][/path]/filename
C Commands
copy
98
OL-20462-01
Table 2 lists the URL prefix keywords for nonwritable file systems.
Defaults The default name for the destination file is the source filename.
Command Modes Any
Command History
Usage Guidelines The entire copying process may take several minutes, depending on the network conditions and the size
of the file, and differs from protocol to protocol and from network to network.
The colon character (:) is required after the file system URL prefix keywords (such as bootflash).
In the URL syntax for ftp:, scp:, sftp:, and tftp:, the server is either an IP address or a host name.
Examples This example shows how to copy a file within the same directory:
switch# copy file1 file2
This example shows how to copy a file to another directory:
switch# copy file1 my_files:file2
This example shows how to copy a file to another supervisor module:
switch# copy file1 bootflash://sup-remote/file1.bak
Table 2 URL Prefix Keywords for Special File Systems
Keyword Source or Destination
core: Local memory for core files. You can copy core files from the core: file
system.
debug: Local memory for debug files. You can copy core files from the debug: file
system.
log: Local memory for log files. You can copy log files from the log: file system.
system: Local system memory. You can copy the running configuration to or from the
system: file system. The system: file system is optional when referencing the
running-config file in a command.
volatile: Local volatile memory. You can copy files to or from the volatile: file system.
All files in the volatile: memory are lost when the physical device reloads.
C Commands
copy
99
OL-20462-01
This example shows how to copy a file from a remote server:
switch# copy scp://10.10.1.1/image-file.bin bootflash:image-file.bin
cd Changes the current working directory.
cli var name Configures CLI variables for the session.
dir Displays the directory contents.
move Moves a file.
pwd Displays the name of the current working directory.
C Commands
copy running-config startup-config
100
OL-20462-01
To copy the running configuration to the startup configuration, use the copy running-config
startup-config command.
Defaults None
Command Modes Any
Command History
Usage Guidelines Use this command to save configuration changes in the running configuration to the startup
configuration in persistent memory. When a device reload or switchover occurs, the saved configuration
is applied.
Examples This example shows how to save the running configuration to the startup configuration:
switch# copy running-config startup-config
[########################################] 100%
Related Commands
Command Description
show running-config Displays the running configuration.
show running-config diff Displays the differences between the running configuration and the startup
configuration.
show startup-config Displays the startup configuration.
write erase Erases the startup configuration in the persistent memory.
101
OL-20462-01
D Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter D.
deadtime
To configure the duration of time for which a non-reachable RADIUS or TACACS+ server is skipped,
use the deadtime command. To revert to the default, use the no form of this command.
deadtime minutes
no deadtime minutes
Syntax Description
Defaults 0 minutes
Command Modes RADlUS server group configuration (config-radius)
TACACS+ server group configuration (config-tacacs+)
Global Configuration (config)
Command History
Usage Guidelines Before you can configure it, you must enable TACACS+ using the tacacs+ enable command.
The dead-time can be configured either globally and applied to all RADIUS or TACACS+ servers; or per
server group.
minutes Number of minutes, from 0 to 1440, for the interval.
D Commands
deadtime
102
OL-20462-01
If the dead-time interval for a RADIUS or TACACS+ server group is greater than zero (0), that value
takes precedence over the global dead-time value.
Setting the dead-time interval to 0 disables the timer.
When the dead-time interval is 0 minutes, RADIUS and TACACS+ servers are not marked as dead even
if they are not responding.
Examples This example shows how to set the dead-time interval to 2 minutes for a RADIUS server group:
switch# config t
switch(config)# aaa group server radius RadServer
switch(config-radius)# deadtime 2
This example shows how to set a global dead-time interval to 5 minutes for all TACACS+ servers and
server groups:
switch# config t
switch(config)# tacacs-server deadtime 5
switch(config)#
This example shows how to set the dead-time interval to 5 minutes for a TACACS+ server group:
switch# config t
switch(config-tacacs+)# deadtime 5
This example shows how to revert to the dead-time interval default:
switch# config t
switch(config)# feature tacacs+
switch(config-tacacs+)# no deadtime 5
radius-server host Configures a RADIUS server.
show radius-server groups Displays RADIUS server group information.
show tacacs-server groups Displays TACACS+ server group information.
tacacs-server host Configures a TACACS+ server.
D Commands
debug logfile
103
OL-20462-01
debug logfile
To direct the output of the debug commands to a specified file, use the debug logfile command. To revert
to the default, use the no form of this command.
debug logfile filename [size bytes]
no debug logfile filename [size bytes]
Syntax Description
Defaults Default filename: syslogd_debugs
Default file size: 4194304 bytes
Command Modes Any
Command History
Usage Guidelines The logfile is created in the log: file system root directory.
Use the dir log: command to display the log files.
Examples This example shows how to specify a debug logfile:
switch# debug logfile debug_log
This example shows how to revert to the default debug logfile:
switch# no debug logfile debug_log
Related Commands
filename Name of the file for debug command output. The filename is alphanumeric,
case sensitive, and has a maximum of 64 characters.
size bytes (Optional) Specifies the size of the logfile in bytes. The range is from 4096
to 4194304.
Command Description
dir Displays the contents of a directory.
show debug Displays the debug configuration.
show debug logfile Displays the debug logfile contents.
D Commands
debug logging
104
OL-20462-01
debug logging
To enable debug command output logging, use the debug logging command. To disable debug logging,
use the no form of this command.
debug logging
no debug logging
Defaults Disabled
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to enable the output logging for the debug command:
switch# debug logging
This example shows how to disable the output logging for the debug command:
switch# no debug logging
Related Commands
Command Description
debug logfile Configures the logfile for the debug command output.
D Commands
default switchport (port profile)
105
OL-20462-01
To remove a particular switchport characteristc from a port profile, use the default switchport
command.
default switchport {mode | access vlan | trunk {native | allowed} vlan | private-vlan
{host-association | mapping [trunk]} | port-security}
Syntax Description
Defaults None
Command History
Usage Guidelines The functionally of this command is equivalent to using the no form of a specific switchport command.
For example, the effect of the following commands is the same:
default switchport mode command = no switchport mode command
default switchport access vlan command = no switchport access vlan command
default switchport trunk native vlan command= no switchport trunk native vlan command
Examples This example shows how to revert port profile ports to switch access ports.
n1000v(config-port-prof)# default switchport mode
mode Removes the port mode characteristic from a port profile, which causes the port
mode to revert to global or interface defaults (access mode). This is equivalent
to executing the no switchport mode port-profile command.
access vlan Removes an access VLAN configuration.
trunk allowedvlan Removes trunking allowed VLAN characteristics.
trunk native vlan Removes trunking native VLAN characteristics.
private-vlan
host-association
Removes PVLAN host-association.
private-vlan
mapping
Removes PVLAN mapping.
port-security Removes port-security characteristics.
D Commands
106
OL-20462-01
This example shows how to remove the trunking allowed VLAN characteristics of a port profile.
n1000v(config-port-prof)# default switchport trunk allowed vlan
This example shows how toremove the private VLAN host association of a port profile.
n1000v(config-port-prof)# default switchport private-vlan host-association
This example shows how to remove port security characteristics of a port profile.
n1000v(config-port-prof)# default switchport port-security
show port-profile Displays information about port profile(s).
D Commands
default shutdown (port profile)
107
OL-20462-01
To remove the admin status characteristic (config attribute) from a port-profile, use the default
shutdown command. This will set the admin status of the interfaces inheriting this port-profile to the
global or interface default (usually, the default admin status is shutdown).
default shutdown
Defaults None
Command Modes Port Profile Configuration (config- port-prof)
Command History
Usage Guidelines
Examples This example shows how to change the ports in a port profile to the shutdown state:
n1000v# config t
n1000v# port-profile DataProfile
n1000v(config-port-prof)# default shutdown
n1000v(config-port-prof)# show port-profile name DataProfile
port-profile DataProfile
description:
status: enabled
capability uplink: no
system vlans: none
port-group: DataProfile
max-ports: 32
inherit:
config attributes:
Vethernet1switch(config-port-prof)#
D Commands
108
OL-20462-01
show port-profile Displays the configuration for a port profile.
D Commands
default shutdown (interface)
109
OL-20462-01
default shutdown (interface)
To remove any interface-level override for the admin status, use the default shutdown command. This
command removes any configuration for admin status entered previously. This allows the port-profile
config to take effect.
default shutdown
Defaults None
Command Modes Interface Configuration (config- if)
Command History
Usage Guidelines
Examples This example shows how to change the ports to the shutdown state:
n1000v# config t
n1000v(config)# interface ethernet 3/2
n1000v(config-if)# default shutdown
n1000v(config-if)#
Related Commands
Command Description
show running-config
interface
Displays the configuration of an interface.
D Commands
default switchport port-security (VEthernet)
110
OL-20462-01
default switchport port-security (VEthernet)
To remove any user configuration for the switchport port-security characteristic from a VEthernet
interface, use the default switchport port-security command. This has the effect of setting the default
(disabled) for port-security for that interface.
default switchport port-security
Defaults Disabled
Command History
Usage Guidelines
Examples This example shows how to disable port security on VEthernet 2:
switch# config t
switch(config)# interface veth 2
switch(config-if)# default switchport port-security
switch(config-if)#
Related Commands
Command Description
show running-config
port-security
Displays the port security configuration.
show port-security Displays the port security status.
D Commands
delay
111
OL-20462-01
delay
To assign an informational throughput delay value to an Ethernet interface, use the delay command. To
remove delay value, use the no form of this command.
delay value
no delay [value]
Syntax Description
Defaults None
Command History
Usage Guidelines The actual Ethernet interface throughput delay time does not change when you set this valuethe setting
is for informational purposes only.
Examples This example shows how to assign the delay time to an Ethernet slot 3 port 1 interface:
switch# config t
switch(config)# interface ethernet 3/1
switch(config-if)# delay 10000
switch(config-if)#
This example shows how to remove the delay time configuration:
switch# config t
switch(config-if)# no delay 10000
switch(config-if)#
Related Commands
delay_val Specifies the throughput delay time in tens of microseconds.
Allowable values are between 1 and 16777215.
Command Description
show interface Displays configuration information for an interface.
D Commands
delete
112
OL-20462-01
delete
To delete a file, use the delete command.
delete [filesystem:[//directory/] | directory/]filename
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines Use the dir command to locate the file you that want to delete.
Examples This example shows how to delete a file:
switch# delete bootflash:old_config.cfg
Related Commands
filesystem: (Optional) Name of the file system. Valid values are bootflash or volatile.
//directory/ (Optional) Name of the directory. The directory name is case sensitive.
filename Name of the file. The name is case sensitive.
Command Description
dir Displays the contents of a directory.
D Commands
deny (IPv4)
113
OL-20462-01
deny (IPv4)
To create an IPv4 ACL rule that denies traffic matching its conditions, use the deny command. To
remove a rule, use the no form of this command.
General Syntax
[sequence-number] deny protocol source destination [dscp dscp | precedence precedence]
no deny protocol source destination [dscp dscp | precedence precedence]
no sequence-number
Internet Control Message Protocol
[sequence-number] deny icmp source destination [icmp-message] [dscp dscp | precedence
precedence]
Internet Group Management Protocol
[sequence-number] deny igmp source destination [igmp-message] [dscp dscp | precedence
precedence]
Internet Protocol v4
[sequence-number] deny ip source destination [dscp dscp | precedence precedence]
Transmission Control Protocol
[sequence-number] deny tcp source [operator port [port] | portgroup portgroup] destination
[operator port [port] | portgroup portgroup] [dscp dscp | precedence precedence] [fragments]
[log] [time-range time-range-name] [flags] [established]
User Datagram Protocol
[sequence-number] deny udp source operator port [port] destination [operator port [port] [dscp
dscp | precedence precedence]
D Commands
deny (IPv4)
114
OL-20462-01
Syntax Description sequence-number (Optional) Sequence number of the deny command, which causes the device to
insert the command in that numbered position in the access list. Sequence
numbers maintain the order of rules within an ACL.
A sequence number can be any integer between 1 and 4294967295.
By default, the first rule in an ACL has a sequence number of 10.
If you do not specify a sequence number, the device adds the rule to the end of the
ACL and assigns a sequence number that is 10 greater than the sequence number
of the preceding rule.
Use the resequence command to reassign sequence numbers to rules.
protocol Name or number of the protocol of packets that the rule matches. Valid numbers
are from 0 to 255. Valid protocol names are the following keywords:
icmpSpecifies that the rule applies to ICMP traffic only. When you use this
keyword, the icmp-message argument is available, in addition to the keywords
that are available for all valid values of the protocol argument.
igmpSpecifies that the rule applies to IGMP traffic only. When you use this
keyword, the igmp-type argument is available, in addition to the keywords
ipSpecifies that the rule applies to all IPv4 traffic. When you use this
keyword, only the other keywords and arguments that apply to all IPv4
protocols are available. They include the following:
dscp
precedence
tcpSpecifies that the rule applies to TCP traffic only. When you use this
keyword, the flags and operator arguments are available, in addition to the
keywords that are available for all valid values of the protocol argument.
udpSpecifies that the rule applies to UDP traffic only. When you use this
keyword, the operator argument is available, in addition to the keywords that
are available for all valid values of the protocol argument.
source Source IPv4 addresses that the rule matches. For details about the methods that
you can use to specify this argument, see Source and Destination in the Usage
Guidelines section.
destination Destination IPv4 addresses that the rule matches. For details about the methods
that you can use to specify this argument, see Source and Destination in the
Usage Guidelines section.
D Commands
deny (IPv4)
115
OL-20462-01
dscp dscp (Optional) Specifies that the rule matches only those packets with the specified
6-bit differentiated services value in the DSCP field of the IP header. The dscp
argument can be one of the following numbers or keywords:
063The decimal equivalent of the 6 bits of the DSCP field. For example,
if you specify 10, the rule matches only those packets that have the following
bits in the DSCP field: 001010.
af11Assured Forwarding (AF) class 1, low drop probability (001010)
af12AF class 1, medium drop probability (001100)
af13AF class 1, high drop probability (001110)
af21AF class 2, low drop probability (010010)
cs1Class-selector (CS) 1, precedence 1 (001000)
cs2CS2, precedence 2 (010000)
defaultDefault DSCP value (000000)
efExpedited Forwarding (101110)
D Commands
deny (IPv4)
116
OL-20462-01
precedence
precedence
(Optional) Specifies that the rule matches only packets that have an IP Precedence
field with the value specified by the precedence argument. The precedence
argument can be a number or a keyword, as follows:
07Decimal equivalent of the 3 bits of the IP Precedence field. For
example, if you specify 3, the rule matches only packets that have the
following bits in the DSCP field: 011.
criticalPrecedence 5 (101)
flashPrecedence 3 (011)
flash-overridePrecedence 4 (100)
immediatePrecedence 2 (010)
internetPrecedence 6 (110)
networkPrecedence 7 (111)
priorityPrecedence 1 (001)
routinePrecedence 0 (000)
icmp-message (ICMP only: Optional) ICMP message type that the rule matches. This argument
can be an integer from 0 to 255 or one of the keywords listed under ICMP
Message Types in the Usage Guidelines section.
igmp-message (IGMP only: Optional) IGMP message type that the rule matches. The
igmp-message argument can be the IGMP message number, which is an integer
from 0 to 15. It can also be one of the following keywords:
dvmrpDistance Vector Multicast Routing Protocol
host-queryHost query
host-reportHost report
pimProtocol Independent Multicast
traceMulticast trace
D Commands
deny (IPv4)
117
OL-20462-01
Defaults A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater
than the last rule in the ACL.
Command Modes IPv4 ACL configuration (config-acl)
Command History
operator port
[port]
(Optional; TCP and UDP only) Rule matches only packets that are from a source
port or sent to a destination port that satisfies the conditions of the operator and
port arguments. Whether these arguments apply to a source port or a destination
port depends upon whether you specify them after the source argument or after
the destination argument.
The port argument can be the name or the number of a TCP or UDP port. Valid
numbers are integers from 0 to 65535. For listings of valid port names, see TCP
Port Names and UDP Port Names in the Usage Guidelines section.
A second port argument is required only when the operator argument is a range.
The operator argument must be one of the following keywords:
eqMatches only if the port in the packet is equal to the port argument.
gtMatches only if the port in the packet is greater than and not equal to the
port argument.
ltMatches only if the port in the packet is less than and not equal to the port
argument.
neqMatches only if the port in the packet is not equal to the port argument.
rangeRequires two port arguments and matches only if the port in the
packet is equal to or greater than the first port argument and equal to or less
than the second port argument.
flags (TCP only; Optional) TCP control bit flags that the rule matches. The value of the
flags argument must be one or more of the following keywords:
ack
fin
psh
rst
syn
urg
D Commands
deny (IPv4)
118
OL-20462-01
Usage Guidelines When the device applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL.
The device enforces the first rule that has conditions that are satisfied by the packet. When the conditions
of more than one rule are satisfied, the device enforces the rule with the lowest sequence number.
Source and Destination
You can specify the source and destination arguments in one of several ways. In each rule, the method
that you use to specify one of these arguments does not affect how you specify the other argument. When
you configure a rule, use the following methods to specify the source and destination arguments:
Address and network wildcardYou can use an IPv4 address followed by a network wildcard to
specify a host or a network as a source or destination. The syntax is as follows:
IPv4-address network-wildcard
The following example shows how to specify the source argument with the IPv4 address and
network wildcard for the 192.168.67.0 subnet:
switch(config-acl)# deny tcp 192.168.67.0 0.0.0.255 any
Address and variable-length subnet maskYou can use an IPv4 address followed by a
variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The
syntax is as follows:
IPv4-address/prefix-len
The following example shows how to specify the source argument with the IPv4 address and VLSM
for the 192.168.67.0 subnet:
switch(config-acl)# deny udp 192.168.67.0/24 any
Host addressYou can use the host keyword and an IPv4 address to specify a host as a source or
destination. The syntax is as follows:
host IPv4-address
This syntax is equivalent to IPv4-address/32 and IPv4-address 0.0.0.0.
The following example shows how to specify the source argument with the host keyword and the
192.168.67.132 IPv4 address:
switch(config-acl)# deny icmp host 192.168.67.132 any
Any addressYou can use the any keyword to specify that a source or destination is any IPv4
address. For examples of the use of the any keyword, see the examples in this section. Each example
shows how to specify a source or destination by using the any keyword.
ICMP Message Types
The icmp-message argument can be the ICMP message number, which is an integer from 0 to 255. It can
also be one of the following keywords:
administratively-prohibitedAdministratively prohibited
alternate-addressAlternate address
conversion-errorDatagram conversion
dod-host-prohibitedHost prohibited
dod-net-prohibitedNet prohibited
echoEcho (ping)
echo-replyEcho reply
D Commands
deny (IPv4)
119
OL-20462-01
general-parameter-problemParameter problem
host-isolatedHost isolated
host-precedence-unreachableHost unreachable for precedence
host-redirectHost redirect
host-tos-redirectHost redirect for ToS
host-tos-unreachableHost unreachable for ToS
host-unknownHost unknown
host-unreachableHost unreachable
information-replyInformation replies
information-requestInformation requests
mask-replyMask replies
mask-requestMask requests
mobile-redirectMobile host redirect
net-redirectNetwork redirect
net-tos-redirectNet redirect for ToS
net-tos-unreachableNetwork unreachable for ToS
net-unreachableNet unreachable
network-unknownNetwork unknown
no-room-for-optionParameter required but no room
option-missingParameter required but not present
packet-too-bigFragmentation needed and DF set
parameter-problemAll parameter problems
port-unreachablePort unreachable
precedence-unreachablePrecedence cutoff
protocol-unreachableProtocol unreachable
reassembly-timeoutReassembly timeout
redirectAll redirects
router-advertisementRouter discovery advertisements
router-solicitationRouter discovery solicitations
source-quenchSource quenches
source-route-failedSource route failed
time-exceededAll time-exceeded messages
timestamp-replyTime-stamp replies
timestamp-requestTime-stamp requests
tracerouteTraceroute
ttl-exceededTTL exceeded
unreachableAll unreachables
D Commands
deny (IPv4)
120
OL-20462-01
TCP Port Names
When you specify the protocol argument as tcp, the port argument can be a TCP port number, which is
an integer from 0 to 65535. It can also be one of the following keywords:
bgpBorder Gateway Protocol (179)
chargenCharacter generator (19)
cmdRemote commands (rcmd, 514)
daytimeDaytime (13)
discardDiscard (9)
domainDomain Name Service (53)
dripDynamic Routing Information Protocol (3949)
echoEcho (7)
execEXEC (rsh, 512)
fingerFinger (79)
ftpFile Transfer Protocol (21)
ftp-dataFTP data connections (2)
gopherGopher (7)
hostnameNIC hostname server (11)
identIdent Protocol (113)
ircInternet Relay Chat (194)
kloginKerberos login (543)
kshellKerberos shell (544)
loginLogin (rlogin, 513)
lpdPrinter service (515)
nntpNetwork News Transport Protocol (119)
pim-auto-rpPIM Auto-RP (496)
pop2Post Office Protocol v2 (19)
smtpSimple Mail Transport Protocol (25)
sunrpcSun Remote Procedure Call (111)
tacacsTAC Access Control System (49)
talkTalk (517)
telnetTelnet (23)
timeTime (37)
uucpUNIX-to-UNIX Copy Program (54)
whoisWHOIS/NICNAME (43)
wwwWorld Wide Web (HTTP, 8)
D Commands
deny (IPv4)
121
OL-20462-01
UDP Port Names
When you specify the protocol argument as udp, the port argument can be a UDP port number, which
is an integer from 0 to 65535. It can also be one of the following keywords:
biffBiff (mail notification, comsat, 512)
bootpcBootstrap Protocol (BOOTP) client (68)
bootpsBootstrap Protocol (BOOTP) server (67)
discardDiscard (9)
dnsixDNSIX security protocol auditing (195)
domainDomain Name Service (DNS, 53)
echoEcho (7)
isakmpInternet Security Association and Key Management Protocol (5)
mobile-ipMobile IP registration (434)
nameserverIEN116 name service (obsolete, 42)
netbios-dgmNetBIOS datagram service (138)
netbios-nsNetBIOS name service (137)
netbios-ssNetBIOS session service (139)
non500-isakmpInternet Security Association and Key Management Protocol (45)
ntpNetwork Time Protocol (123)
ripRouting Information Protocol (router, in.routed, 52)
snmpSimple Network Management Protocol (161)
snmptrapSNMP Traps (162)
syslogSystem Logger (514)
talkTalk (517)
tftpTrivial File Transfer Protocol (69)
timeTime (37)
whoWho service (rwho, 513)
xdmcpX Display Manager Control Protocol (177)
Examples This example shows how to configure an IPv4 ACL named acl-lab-01 with rules that deny all TCP and
UDP traffic from the 10.23.0.0 and 192.168.37.0 networks to the 10.176.0.0 network and a final rule that
permits all other IPv4 traffic:
switch# config t
switch(config)# ip access-list acl-lab-01
switch(config-acl)# deny tcp 10.23.0.0/16 10.176.0.0/16
switch(config-acl)# deny udp 10.23.0.0/16 10.176.0.0/16
switch(config-acl)# deny tcp 192.168.37.0/16 10.176.0.0/16
switch(config-acl)# deny udp 192.168.37.0/16 10.176.0.0/16
D Commands
deny (IPv4)
122
OL-20462-01
switch(config-acl)# permit ip any any
ip access-list Configures an IPv4 ACL.
permit (IPv4) Configures a permit rule in an IPv4 ACL.
remark Configures a remark in an IPv4 ACL.
show ip access-list Displays all IPv4 ACLs or one IPv4 ACL.
statistics per-entry Enables collection of statistics for each entry in an ACL.
D Commands
deny (MAC)
123
OL-20462-01
deny (MAC)
To create a MAC access control list (ACL)+ rule that denies traffic matching its conditions, use the deny
command. To remove a rule, use the no form of this command.
[sequence-number] deny source destination [protocol] [cos cos-value] [vlan VLAN-ID]
no deny source destination [protocol] [cos cos-value] [vlan VLAN-ID]
no sequence-number
Syntax Description
Defaults A newly created MAC ACL contains no rules.
If you do not specify a sequence number, the device assigns the rule a sequence number that is 10 greater
than the last rule in the ACL.
Command Modes MAC ACL Configuration (config-mac-acl)
sequence-number (Optional) Sequence number of the deny command, which causes the device to
If you do not specify a sequence number, the device adds the rule to the end of
the ACL and assigns a sequence number that is 10 greater than the sequence
number of the preceding rule.
source Source MAC addresses that the rule matches. For details about the methods that
you can use to specify this argument, see Source and Destination in the
destination Destination MAC addresses that the rule matches. For details about the methods
protocol (Optional) Protocol number that the rule matches. Valid protocol numbers are
0x0 to 0xffff. For listings of valid protocol names, see MAC Protocols in the
cos cos-value (Optional) Specifies that the rule matches only packets with an IEEE 802.1Q
header that contains the Class of Service (CoS) value given in the cos-value
argument. The cos-value argument can be an integer from 0 to 7.
vlan VLAN-ID (Optional) Specifies that the rule matches only packets with an IEEE 802.1Q
header that contains the VLAN ID given. The VLAN-ID argument can be an
integer from 1 to 4094.
D Commands
deny (MAC)
124
OL-20462-01
Command History
Usage Guidelines When the device applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL. The
device enforces the first rule that has conditions that are satisfied by the packet. When the conditions of
more than one rule are satisfied, the device enforces the rule with the lowest sequence number.
You can specify the source and destination arguments in one of two ways. In each rule, the method that
you use to specify one of these arguments does not affect how you specify the other argument. When
you configure a rule, use the following methods to specify the source and destination arguments:
Address and maskYou can use a MAC address followed by a mask to specify a single address or
a group of addresses. The syntax is as follows:
MAC-address MAC-mask
The following example specifies the source argument with the MAC address 00c0.4f03.0a72:
switch(config-acl)# deny 00c0.4f03.0a72 0000.0000.0000 any
The following example specifies the destination argument with a MAC address for all hosts with a
MAC vendor code of 00603e:
switch(config-acl)# deny any 0060.3e00.0000 0000.0000.0000
Any addressYou can use the any keyword to specify that a source or destination is any MAC
address. For examples of the use of the any keyword, see the examples in this section. Each of the
examples shows how to specify a source or destination by using the any keyword.
MAC Protocols
The protocol argument can be the MAC protocol number or a keyword. The protocol number is a
four-byte hexadecimal number prefixed with 0x. Valid protocol numbers are from 0x0 to 0xffff. Valid
keywords are the following:
aarpAppletalk ARP (0x80f3)
appletalkAppletalk (0x809b)
decnet-ivDECnet Phase IV (0x6003)
diagnosticDEC Diagnostic Protocol (0x6005)
etype-6000EtherType 0x6000 (0x6000)
etype-8042EtherType 0x8042 (0x8042)
ipInternet Protocol v4 (0x0800)
latDEC LAT (0x6004)
lavc-scaDEC LAVC, SCA (0x6007)
mop-consoleDEC MOP Remote console (0x6002)
mop-dumpDEC MOP dump (0x6001)
vines-echoVINES Echo (0x0baf)
D Commands
deny (MAC)
125
OL-20462-01
Examples This example shows how to configure a MAC ACL named mac-ip-filter with rules that permit any
non-IPv4 traffic between two groups of MAC addresses:
switch# config t
switch(config)# mac access-list mac-ip-filter
switch(config-mac-acl)# deny 00c0.4f00.0000 0000.00ff.ffff 0060.3e00.0000 0000.00ff.ffff
ip
switch(config-mac-acl)# permit any any
mac access-list Configures a MAC ACL.
permit (MAC) Configures a deny rule in a MAC ACL.
remark Configures a remark in an ACL.
show mac access-list Displays all MAC ACLs or one MAC ACL.
D Commands
description (interface)
126
OL-20462-01
description (interface)
To do add a description for the interface and save it in the running configuration, use the description
command. To remove the interface description, use the no form of this command.
description text
no description
Syntax Description
Defaults None
Command History
Usage Guidelines .
Examples This example shows how to add the description for the interface and save it in the running configuration.:
switch(config-if)# description Ethernet port 3 on module 1
This example shows how to remove the interface description.
switch(config-if)# no description Ethernet port 3 on module 1
Related Commands
text Describes the interface. The maximum number of characters is 80.
Command Description
interface vethernet Creates a virtual Ethernet interface.
interface port-channel Creates a port-channel interface.
interface ethernet Creates an Ethernet interface.
interface mgmt Configure the management interface.
show interface Displays the interface status, including the description.
D Commands
description (NetFlow)
127
OL-20462-01
To add a description to a flow record, flow monitor, or flow exporter, use the description command. To
remove the description, use the no form of this command.
description line
no description
Syntax Description
Defaults None
Command Modes NetFlow flow record (config-flow-record)
NetFlow flow exporter (config-flow-exporter)
Netflow flow monitor (config-flow-monitor)
Command History
Usage Guidelines
Examples This example shows how to add a description to a flow record:
n1000v(config)# flow record RecordTest
n1000v(config-flow-record)# description Ipv4flow
This example shows how to add a description to a flow exporter:
n1000v# config t
n1000v(config)# flow exporter ExportTest
n1000v(config-flow-exporter)# description ExportHamilton
This example shows how to add a description to a flow monitor:
n1000v# config t
n1000v(config-flow-monitor)# description Ipv4Monitor
line Description of up to 63 characters.
D Commands
128
OL-20462-01
flow exporter Creates a Flexible NetFlow flow exporter.
flow record Creates a Flexible NetFlow flow record.
flow monitor Creates a Flexible NetFlow flow monitor.
show flow exporter Displays information about the NetFlow flow exporter.
show flow record Displays information about NetFlow flow records.
show flow monitor Displays information about the NetFlow flow monitor.
D Commands
description (QoS)
129
OL-20462-01
description (QoS)
To add a description to a QoS class map, policy map, use the description command. To remove the
description, use the no form of this command.
description text
no description text
Syntax Description
Defaults None
Command Modes QoS Class Map Configuration (config-cmap-qos)
QoS Policy Map Configuration (config-pmap-qos)
Command History
Usage Guidelines
Examples This example shows how to add a description to a policy map:
switch(config-pmap)# description this policy applies to input packets
switch(config-pmap)#
Related Commands
text Description, of up to 200 characters, for the class map or policy map.
Command Description
class-map Creates or modifies a class map.
policy-map Creates or modifies a policy map.
D Commands
description (role)
130
OL-20462-01
description (role)
To add a description for a role, use the description command. To remove a description of a role, use the
description string
no description
Syntax Description
Defaults None
Command Modes Role Configuration (config-role)
Command History
Usage Guidelines None.
Examples This example shows how to add a description to a role:
switch(config-role)# description admin
This example shows how to remove the role description:
switch(config-role)# no description admin
Related Commands
string Describes the role. The string can include spaces.
Command Description
username Creates a user account including the assignment of a role.
show role Displays a role configuration.
D Commands
description (SPAN)
131
OL-20462-01
description (SPAN)
To add a description to a SPAN session, use the description command. To remove the description, use
the no form of this command.
description string
no description
Syntax Description
Defaults Blank (no description)
Command Modes SPAN Monitor Configuration (config-monitor)
Command History
Examples This example shows how to add a description to a SPAN session:
switch# config t
switch(config)# monitor session 8
switch(config-monitor)# description span_session_8a
switch(config-monitor)#
This example shows how to remove a description from a SPAN session:
switch# config t
switch(config)# no description span_session_8a
Related Commands
string Specifies a description of up to 32 alphanumeric characters.
Command Description
show monitor session Displays session information.
D Commands
destination (NetFlow)
132
OL-20462-01
To add a destination IP address or VRF to a NetFlow flow exporter, use the destination command. To
remove the IP address or VRF, use the no form of this command.
destination {ipaddr | ipv6addr} [use-vrf vrf_name]
no destination
Syntax Description
Defaults None
Command Modes NetFlow Flow Exporter Configuration (config-flow-exporter)
Command History
Usage Guidelines
Examples This example shows how to add a destination IP address to a Netflow flow exporter:
switch# config t
switch(config)# flow exporter ExportTest
switch(config-flow-exporter)# destination 192.0.2.1
This example shows how to remove the IP address from a flow exporter:
switch# config t
switch(config-flow-exporter)# no destination 192.0.2.1
Related Commands
ipaddr Destination IP address for collector.
ipv6addr Destination IPv6 address for collector.
use-vrf vrf_name (Optional) Optional VRF label.
Command Description
D Commands
133
OL-20462-01
Command Description
D Commands
destination interface (SPAN)
134
OL-20462-01
To configures the port(s) in a SPAN session to act as destination(s) for copied source packets, use the
destination interface command. To remove the destination interface, use the no form of this command.
destination interface type number(s)_or_range
no destination interface type number(s)_or_range
Syntax Description
Defaults None
Command Modes SPAN Monitor Configuration (config-monitor)
Command History
Usage Guidelines SPAN destination ports must already be configured as either access or trunk ports.
SPAN sessions are created in the shut state by default.
When you create a SPAN session that already exists, any additional configuration is added to that
session. To make sure the session is cleared of any previous configuration, you can delete the session
first using the command, no monitor session.
Examples This example shows how to configure ethernet interfaces 2/5 and 3/7 in a SPAN session to act as
destination(s) for copied source packets:
switch# config t
switch(config-monitor)# destination interface ethernet 2/5, ethernet 3/7
ethernet
slot/port_or_range
Designates the SPAN destination(s) Ethernet interface(s).
port-channel
number(s)_or_range
Designates the SPAN destination(s) port channel(s).
vethernet
number(s)_or_range
Designates the SPAN destination(s) virtual Ethernet interface(s).
D Commands
135
OL-20462-01
This example shows how to remove the SPAN configuration from destination interface ethernet 2/5:
switch# config t
switch(config-monitor)# no destination interface ethernet 2/5
show interface Displays the interface trunking configuration for the specified destination
interface.
show monitor Displays Ethernet SPAN information.
monitor session Starts the specified SPAN monitor session(s).
D Commands
dir
136
OL-20462-01
dir
To display the contents of a directory or file, use the dir command.
dir [bootflash: | debug: | log: | volatile:]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines Use the pwd command to identify the directory you are currently working in.
Use the cd command to change the directory you are currently working in.
Examples This example shows how to display the contents of the bootflash: directory
switch# dir bootflash:
Related Commands
bootflash: (Optional) Directory or filename.
debug: (Optional) Directory or filename on expansion flash.
log: (Optional) Directory or filename on log flash.
volatile: (Optional) Directory or filename on volatile flash.
Command Description
pwd Displays the current working directory.
D Commands
domain id
137
OL-20462-01
domain id
To assign a domain-id, use the domain id command. To remove a domain-id, use the no form of this
command.
domain id number
no domain id
Syntax Description
Defaults None
Command Modes Domain Configuration (config-svs-domain)
Command History
Usage Guidelines During installation of the Cisco Nexus 1000V the setup utility prompts you to configure a domain,
including the domain ID and control and packet VLANs.
Examples This example shows how to assign a domain id:
switch# config t
switch(config)# sve-domain
switch(config-svs-domain)# domain-id number 32
This example shows how to remove the domain-id:
switch# config t
switch(config)# sve-domain
switch(config-svs-domain)# no domain-id number 32
Related Commands
number Specifies the domain-id number. The allowable domain IDs are 1 to 4095.
Command Description
show svs domain Displays domain configuration.
D Commands
dscp (NetFlow)
138
OL-20462-01
dscp (NetFlow)
To add a differentiated services codepoint (DSCP) to a NetFlow flow exporter, use the dscp command.
To remove the DSCP, use the no form of this command.
dscp value
no dscp
Syntax Description
Defaults None
Command History
Examples This example shows how to configure DSCP for a NetFlow flow exporter:
switch# config t
switch(config-flow-exporter)# dscp 2
switch(config-flow-exporter)#
This example shows how to remove DSCP from the NetFlow flow exporter:
switch# config t
switch(config-flow-exporter)# no dscp 2
Related Commands
value Specifies a DSCP between 0 and 63.
Command Description
D Commands
dscp (NetFlow)
139
OL-20462-01
Command Description
D Commands
dscp (NetFlow)
140
OL-20462-01
141
OL-20462-01
E Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter E.
echo
To echo an argument back to the terminal screen, use the echo command.
echo [backslash-interpret] [text]
Syntax Description
Defaults Displays a blank line.
Command Modes Any
Command History
-e (Optional) Interprets any character following a backslash character (\) as a
formatting option.
backslash-interpret (Optional) Interprets any character following a backslash character (\) as a
formatting option.
text (Optional) Text string to display. The text string is alphanumeric, case
sensitive, can contain spaces, and has a maximum length of 200 characters.
The text string can also contain references to CLI variables.
E Commands
echo
142
OL-20462-01
Usage Guidelines You can use this command in a command script to display information while the script is running.
Table 1 lists the formatting keywords that you can insert in the text when you include the -e or
backslash-interpret keyword.
Examples This example shows how to display a blank line at the command prompt:
switch# echo
This example shows how to display a line of text at the command prompt:
switch# echo Script run at $(TIMESTAMP).
Script run at 2008-08-12-23.29.24.
This example shows how to use a formatting option in the text string:
switch# echo backslash-interpret This is line #1. \nThis is line #2.
This is line #1.
This is line #2.
Related Commands
Table 1 Formatting Options for the echo Command
Formatting
Option Description
\b Back spaces.
\c Removes the new line character at the end of the text string.
\f Inserts a form feed character.
\n Inserts a new line character.
\r Returns to the beginning of the text line.
\t Inserts a horizontal tab character.
\v Inserts a vertical tab character.
\\ Displays a backslash character.
\nnn Displays the corresponding ASCII octal character.
Command Description
run-script Runs command scripts.
E Commands
end
143
OL-20462-01
end
To exit a configuration mode and return to Privileged EXEC mode, use the end command.
end
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines This command differs from the exit command in that the exit command returns you to the configuration
mode you were previously in. The end command always takes you completely out of configuration mode
and places you in Privileged EXEC mode.
Examples This example shows how to end the session in Global Configuration mode and return to Privileged EXEC
mode:
switch(config)# end
switch#
This example shows how to end the session in Interface Configuration mode and return to Privileged
EXEC modee:
switch(config-if)# end
switch#
Related Commands
Command Description
exit Exits the current command mode and returns you to the previous command
mode.
E Commands
errdisable detect cause
144
OL-20462-01
To start detection of the cause for any interface to be error-disabled, use the errdisable detect cause
command. To return to the default setting, use the no version of this command. To restore the default
setting, use the default form of this command.
errdisable detect cause {acl-exception | all | arp-inspection | dhcp-rate-limit | link-flap |
loopback}
no errdisable detect cause {acl-exception | all | arp-inspection | dhcp-rate-limit | link-flap |
loopback}
default errdisable detect cause {acl-exception | all | arp-inspection | dhcp-rate-limit | link-flap
| loopback}
Syntax Description
Command Default Disabled
Command Modes Global Configuration
Command History
Usage Guidelines Use the errdisable detect cause command to enable error detection for an application.
The error-disabled state is an operational state that is similar to the link-down state. You must enter the
shutdown command and then the no shutdown command to recover an interface manually from the
error-disabled state.
Examples This example shows how to detect the cause of the error-disabled state for all applications:
switch(config)# errdisable detect cause all
switch(config)#
acl-
exception
Enables error-disabled detection for access-list installation failures.
all Enables error-disabled detection on all causes.
arp-inspection Enables error-disable detection on and ARP inspection.
dhcp-rate-limit Enables error-disable detection on a DHCP rate limit.
link-flap Enables error-disabled disable detection on link-state flapping.
loopback Enables error-disabled detection on a loopback.
E Commands
145
OL-20462-01
shutdown Brings the port down administratively.
no shutdown Brings the port up administratively.
show interface status
err-disabled
Displays the interfaces currently in the error-disabled state.
E Commands
errdisable recovery cause
146
OL-20462-01
To enable the automatic recovery from the error-disabled (errdisable) state for an application, use the
errdisable recovery cause command. To return to the default setting, use the no version of this
command. To restore the default setting, use the default form of this command.
errdisable recovery cause {all | arp-inspection | bpduguard | dhcp-rate-limit | link-flap |
failed-port-state | psecure-violation | security-violation | storm-control | udld |
vpc-peerlink}
no errdisable recovery cause {all | arp-inspection | bpduguard | dhcp-rate-limit | link-flap |
psecure-violation | security-violation | storm-control | udld | vpc-peerlink}
default errdisable recovery cause {all | arp-inspection | bpduguard | dhcp-rate-limit | link-flap
| psecure-violation | security-violation | storm-control | udld | vpc-peerlink}
Syntax Description
Command Default Disabled
Command History
all Enables automatic recovery from all causes for the error-disabled state.
arp-inspection Enables automatic recovery from the ARP inspection error state.
bpduguard Enables automatic recovery from BPDU Guard error-disabled state.
dhcp-rate-limit Enables automatic recovery from the DHCP rate-limit error state.
link-flap Enables automatic recovery from link-state flapping.
failed-port
state
Enables timer automatic recovery from the Spanning Tree Protocol (STP) set
port state failure.
psecure-
violation
Enables timer automatic recovery from the psecure violation disable state.
security-
violation
Enables automatic recovery from the 802.1X violation disable state.
storm-
control
Enables automatic recovery from the storm control error-disabled state.
udld Enables automatic recovery from the UDLD error-disabled state.
vpc-peerlink Enables automatic recovery from an inconsistent virtual port channel (vPC)
peer-link error-disabled state.
E Commands
147
OL-20462-01
Usage Guidelines Use the errdisable recovery cause command to enable automatic recovery on the interface from the
error-disabled state for an application. This command tries to bring the interface out of the error-disabled
state and retry operation once all the causes have timed out. The interface automatically tries to come up
again after 300 seconds. To change this interval, use the errdisable recovery interval command.
Examples This example shows how to automatically recover from the error-disabled state for link flapping after
you have enabled the recovery timer:
switch(config)# errdisable recovery cause link-flap
switch(config)#
errdisable recovery
interval
Enables the recovery timer.
err-disabled
Displays the interface error-disabled state.
E Commands
errdisable recovery interval
148
OL-20462-01
errdisable recovery interval
To enable the recovery timer, use the errdisable recovery interval command.
errdisable recovery interval interval
Syntax Description
Command Default 300 seconds
Command History
Usage Guidelines Use the errdisable recovery interval command to configure the recovery timer.
Examples This example shows how to configure the recovery timer:
switch(config)# errdisable recovery interval 32
switch(config)#
Related Commands
interval Error detection for access-list installation failures. The range is from 30 to
65535.
Command Description
errdisable recovery
cause
Enables the error-disabled recovery for an application.
err-disabled
Displays the interface error-disabled state.
E Commands
exec-timeout
149
OL-20462-01
exec-timeout
To configure the length of time, in minutes, that an inactive Telnet or SSH session remains open before
it is automatically shut down, use the exec-timeout command. To remove an exec timeout setting, use
exec-timeout time
no exec-timeout [time]
Syntax Description
Defaults No timeout is configured.
Command Modes Console Configuration (config-console)
Command History
Usage Guidelines When you set time to 0, exec timeout is disabled.
Examples This example shows how to configure an inactive session timeout for the console port:
switch(config)# line console
switch(config-com1)# exec-timeout 20
This example shows how to configure an inactive session timeout for the virtual terminal:
switch(config)# line vty
switch(config-line)# exec-timeout 20
This example shows how to remove an exec timeout on the console port:
switch(config)# configure terminal
DocTeamVSM(config)# line console
switch(config-console)# no exec-timeout
switch(config-console)#
time Timeout time, in minutes. The range of valid values is 0 to 525600.
If a session remains inactive longer than this specified time period, then it is
automatically closed.
E Commands
exec-timeout
150
OL-20462-01
show terminal Displays the terminal configuration, including the timeout value.
show users Displays the currently active user sessions.
E Commands
exit
151
OL-20462-01
exit
To exit a configuration mode or exit the CLI, use the exit command.
exit
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to exit Global Configuration mode. The CLI returns you to the EXEC mode.
switch(config)# exit
switch#
This example shows how to exit Interface Configuration mode. The CLI returns you to the Global
Configuration mode.
switch(config-if)# exit
switch(config)#
This example shows how to exit the CLI.
switch# exit
Related Commands
Command Description
end Returns to the EXEC command mode.
E Commands
exit
152
OL-20462-01
153
OL-20462-01
F Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter F.
find
To find filenames beginning with a character string, use the find command.
find filename-prefix
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines The find command searches all subdirectories under the current working directory. You can use the cd
and pwd commands to navigate to the starting directory.
filename-prefix First part or all of a filename. The filename prefix is case sensitive.
F Commands
find
154
OL-20462-01
Examples This example shows how to display filenames beginning with ospf:
switch# find ospf
/usr/bin/find: ./lost+found: Permission denied
./ospf-gr.cfg
./ospfgrconfig
./ospf-gr.conf
F Commands
flow exporter
155
OL-20462-01
flow exporter
To create or modify a Flexible NetFlow flow exporter defining where and how Flow Records are
exported to the NetFlow Collector Server, use the flow exporter command. To remove a flow exporter,
flow exporter exporter-name
no flow exporter exporter-name
Syntax Description
Defaults Flow exporters are not present in the configuration until you create them.
Command History
Usage Guidelines
Examples The following example shows how to create and configure FLOW-EXPORTER-1:
switch(config)# flow exporter FLOW-EXPORTER-1
switch(config-flow-exporter)# description located in Pahrump, NV
switch(config-flow-exporter)# destination A.B.C.D
switch(config-flow-monitor)# dscp 32
switch(config-flow-monitor)# source mgmt0
switch(config-flow-monitor)# transport udp 59
switch(config-flow-monitor)# version 9
The following example shows how to remove FLOW-EXPORTER-1:
switch(config)# no flow exporter FLOW-EXPORTER-1
switch(config)#
Related Commands
exporter-name Name of the flow exporter that is created or modified.
Command Description
clear flow exporter Clears the flow monitor.
show flow exporter Displays flow monitor status and statistics.
description Adds a description to a flow record, flow monitor, or flow exporter.
F Commands
flow exporter
156
OL-20462-01
destination Adds a destination IP address to a NetFlow flow exporter.
dscp Adds a differentiated services codepoint (DSCP) to a flow exporter.
source mgmt Adds the management interface to a flow exporter designating it as the
source for NetFlow flow records.
transport udp Adds a destination UDP port used to reach the NetFlow collector to a flow
exporter.
version 9 Designates NetFlow export version 9 in the NetFlow exporter.
Command Description
F Commands
flow monitor
157
OL-20462-01
flow monitor
To create a Flexible NetFlow flow monitor, or to modify an existing Flexible NetFlow flow monitor, and
enter Flexible NetFlow flow monitor configuration mode, use the flow monitor command. To remove a
Flexible NetFlow flow monitor, use the no form of this command.
flow monitor monitor-name
no flow monitor monitor-name
Syntax Description
Defaults Flow monitors are not present in the configuration until you create them.
Command History
Usage Guidelines Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network
traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create
the flow monitor, and a cache that is automatically created at the time the flow monitor is applied to the
first interface. Flow data is collected from the network traffic during the monitoring process based on
the key and non-key fields in the record which is configured for the flow monitor and stored in the flow
monitor cache.
Once you enter the flow monitor configuration mode, the prompt changes to the following:
switch(config-flow-monitor)#
Within the flow monitor configuration mode, the following keywords and arguments are available to
configure the flow monitor:
cacheSpecifies the cache size, from 256 to 16384 entries.
description descriptionProvides a description for this flow monitor; maximum of 63 characters.
exitExits from the current configuration mode.
exporter nameSpecifies the name of an exporter to export records.
noNegates a command or sets its defaults.
record {record-name | netflow ipv4 collection-type | netflow-original}Specifies a flow record to
use as follows:
record-nameName of a record.
monitor-name Name of the flow monitor that is created or modified.
F Commands
flow monitor
158
OL-20462-01
netflow ipv4 collection-typeSpecifies the traditional IPv4 NetFlow collection schemes as
follows:
original-inputSpecifies the traditional IPv4 input NetFlow.
original-outputSpecifies the traditional IPv4 output NetFlow
protocol-portSpecifies the protocol and ports aggregation scheme.
netflow-originalSpecifies the traditional IPv4 input NetFlow with origin autonomous
systems.
timeout {active | inactive}Specifies a flow timeout period as follows:
activeSpecifies an active or long timeout in the range of 60 to 4092 seconds.
inactiveSpecifies an inactive or normal timeout in the range of 15 to 4092 seconds.
The netflow-original and original-input keywords are the same and are equivalent to the following
commands:
match ipv4 source address
match ipv4 destination address
match ip tos
match ip protocol
match transport source-port
match transport destination-port
match interface input
collect counter bytes
collect counter packet
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect interface output
The original-output keywords are the same as original-input keywords except for the following:
match interface output (instead of match interface input)
collect interface input (instead of collect interface output)
Examples The following examples creates and configures a flow monitor named FLOW-MONITOR-1:
switch(config)# flow monitor FLOW-MONITOR-1
switch(config-flow-monitor)# description monitor location las vegas, NV
switch(config-flow-monitor)# exporter exporter-name1
switch(config-flow-monitor)# record test-record
switch(config-flow-monitor)# netflow ipv4 original-input
clear flow monitor Clears the flow monitor.
show flow monitor Displays flow monitor status and statistics.
F Commands
flow record
159
OL-20462-01
flow record
To create a Flexible NetFlow flow record, or to modify an existing Flexible NetFlow flow record, and
enter Flexible NetFlow flow record configuration mode, use the flow record command. To remove a
Flexible NetFlow flow record, use the no form of this command.
flow record record-name
no flow record record-name
Syntax Description
Defaults Flow records are not present in the configuration until you create them.
Command History
Usage Guidelines Flexible NetFlow uses key and non-key fields just as original NetFlow does to create and populate flows
in a cache. In Flexible NetFlow a combination of key and non-key fields is called a record. Original
NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source
or destination address and the source or destination transport protocol port, as the criteria for
determining when a new flow must be created in the cache while network traffic is being monitored. A
flow is defined as a stream of packets between a given source and a given destination. New flows are
created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.
Once you enter the flow record configuration mode, the prompt changes to the following:
switch(config-flow-record)#
Within the flow record configuration mode, the following keywords and arguments are available to
configure the flow record:
collectSpecifies a non-key field. See the collect command for additional information.
description descriptionProvides a description for this flow record; maximum of 63 characters.
exitExits from the current configuration mode.
matchSpecifies a key field. See the match command for additional information.
noNegates a command or sets its defaults.
Cisco NX-OS enables the following match fields by default when you create a flow record:
record-name Name of the flow record that is created or modified.
F Commands
flow record
160
OL-20462-01
match interface output
match flow direction
Examples The following example creates a flow record named FLOW-RECORD-1, and enters Flexible NetFlow
flow record configuration mode:
switch(config-flow-record)#
clear flow monitor Clears the flow monitor.
show flow monitor Displays flow monitor status and statistics.
F Commands
format
161
OL-20462-01
format
To format an external Flash device to erase the contents and restore it to its factory-shipped state, use
the format command.
format filesystem:
Syntax Description
Defaults None
Command Modes any
Command History
Usage Guidelines You can use this command only in the default virtual device context (VDC).
Examples This example shows how to format an external Flash device:
switch# format slot0:
Related Commands
filesystem: Name of the file system. The valid values are bootflash, logflash, slot0,
usb1, or usb2.
Command Description
F Commands
from (table map)
162
OL-20462-01
from (table map)
To specify a set of mappings of input field values to output field values in a table map, use the from
command.
from source-value to dest-value
Syntax Description
Defaults None
Command Modes Table map configuration
Command History
Usage Guidelines
Examples This example shows how to create a mapping from three source values to the corresponding destination
values:
switch(config)# table-map cir-markdown-map
switch(config-tmap)# from 0 to 7
Related Commands
source-value Specifies the source value in the range from 0 to 63.
dest-value Specifies the destination value in the range from 0 to 63.
Command Description
show table-map Displays table maps.
163
OL-20462-01
G Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter G.
gunzip
To uncompress a compressed file, use the gunzip command.
gunzip filename
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines The compressed filename must have the .gz extension.
You do not have to enter the .gz extension as part of the filename.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
Examples This example shows how to uncompress a compressed file:
switch# gunzip run_cnfg.cfg
filename Name of a file. The filename is case sensitive.
G Commands
gunzip
164
OL-20462-01
gzip Compresses a file.
G Commands
gzip
165
OL-20462-01
gzip
To compress a file, use the gzip command.
gzip filename
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines After you use this command, the file is replaced with the compressed filename that has the .gz extension.
The Cisco NX-OS software uses Lempel-Ziv 1977 (LZ77) coding for compression.
Examples This example shows how to compress a file:
switch# gzip run_cnfg.cfg
Related Commands
filename Name of a file. The filename is case sensitive.
Command Description
gunzip Uncompresses a compressed file.
G Commands
gzip
166
OL-20462-01
167
OL-20462-01
I Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter I.
install certificate
To install a certificate, use the install certificate command. To remove a certificate, use the no form of
this command.
install certificate {bootflash: | default}
no install certificate
Syntax Description
Defaults No certificate is installed.
Command Modes SVS connection configuration (config-svs-conn)
Command History
Usage Guidelines Only one SVS connection can be created.
Examples This example shows how to install a certificate:
bootflash: Specifies the path.
default Specifies the default certificate.
I Commands
install certificate
168
OL-20462-01
switch(config)# svs connect s1
switch(config-svs-conn)# install certificate default
switch(config-svs-conn)#
This example shows how to remove a certificate:
switch(config-svs-conn)# no install certificate default
show svs Displays SVS information.
I Commands
install license bootflash:
169
OL-20462-01
To install a license file(s) on a VSM, use the install license bootflash: command.
install license bootflash: filename
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines You must first uninstall an evaluation license if one is present on your VSM. For more information,
see the Cisco Nexus 1000V License Configuration Guide, Release 4.0(4)SV1(2).
You must be logged in to the active VSM console port.
This command installs the license file using the name, license_file.lic. You can specify a different
name.
If you are installing multiple licenses for the same VSM, also called license stacking, make sure that
each license key file name is unique.
Repeat this procedure for each additional license file you are installing, or stacking, on the VSM.
Examples This example shows how to install a license to bootflash on a VSM and then display the installed file:
n1000v# install license bootflash:license_file.lic
Installing license ..done
n1000v# show license file license.lic
VENDOR cisco
INCREMENT NEXUS1000V_LAN_SERVICES_PKG cisco 1.0 permanent 1 \
HOSTID=VDH=1575337335122974806 \
NOTICE="<LicFileID>license.lic</LicFileID><LicLineID>0</LicLineID> \
<PAK>PAK12345678</PAK>" SIGN=3AF5C2D26E1A
n1000v#
filename (Optional) Specify a name for the license file. If you do not specify a name, then the
license is installed using the default name.
I Commands
170
OL-20462-01
show license file Verifies the license installation by displaying the license configured for the
VSM.
clear license Uninstalls a license, that is, removes it from the VSM and shuts down the
Ethernet interfaces to the VEMs covered by that license.
logging level license Designates the level of severity at which license messages should be logged.
src-vem
Transfers licenses from a source VEM to another VEM, or to the VSM pool
of available licenses.
I Commands
interface ethernet
171
OL-20462-01
interface ethernet
To configure an Ethernet interface, use the interface ethernet command.
interface ethernet slot/port
Syntax Description
Defaults None
Interface Configuration (config-if)
Command History
Usage Guidelines Use the interface ethernet command from the Global Configuration mode to access the interface
configuration mode to configure a specified interface or range of interfaces.
Examples This example shows how to access the interface command mode for configuring the Ethernet interface
on slot 2, port 1:
switch# config t
switch(config-if)#
Related Commands
slot/port Specifies the slot number and port number for the Ethernet interface.
Command Description
show interface
ethernet slot/port
Displays information about the Ethernet interface.
I Commands
interface loopback
172
OL-20462-01
interface loopback
To create and configure a loopback interface, use the interface loopback command. To remove a
loopback interface, use the no form of this command.
interface loopback number
no interface loopback number
Syntax Description
Defaults None
Command History
Usage Guidelines Use the interface loopback command to create or modify loopback interfaces.
Examples This example shows how to create a loopback interface:
switch(config)# interface loopback 50
switch(config-if)#
Related Commands
number Identifying interface number; valid values are from 0 to 1023.
Command Description
show interface
loopback
Displays information about the traffic on the specified loopback interface.
I Commands
interface mgmt
173
OL-20462-01
interface mgmt
To configure the management interface and enter interface configuration mode, use the interface
management command.
interface mgmt0
Defaults None
Command History
Usage Guidelines Use the interface mgmt0 command to configure the management interface and to enter the interface
configuration mode.
Examples This example shows how to enter the interface configuration mode to configure the management
interface:
switch(config)# interface mgmt0
switch(config-if)#
Related Commands
Command Description
show interface mgmt0 Displays information about the traffic on the management interface.
I Commands
interface port-channel
174
OL-20462-01
To create a port-channel interface and enter interface configuration mode, use the interface
port-channel command. To remove a logical port-channel interface or subinterface, use the no form of
this command.
interface port-channel channel-number
no interface port-channel channel-number
Syntax Description
Defaults None
Command History
Usage Guidelines Use the interface port-channel command to create or delete port-channel groups and to enter the
interface configuration mode for the port channel.
A port can belong to only one channel group.
When you use the interface port-channel command, follow these guidelines:
If you are using CDP, you must configure it only on the physical interface and not on the
port-channel interface.
If you do not assign a static MAC address on the port-channel interface, a MAC address is
automatically assigned. If you assign a static MAC address and then later remove it, the MAC
address is automatically assigned.
The MAC address of the port channel is the address of the first operational port added to the channel
group. If this first-added port is removed from the channel, the MAC address comes from the next
operational port added, if there is one.
Examples This example shows how to create a port-channel group interface with channel-group number 50:
switch(config)# interface port-channel 50
switch(config-if)#
channel-number Channel number that is assigned to this port-channel logical interface. The
range of valid values is from 1 to 4096.
I Commands
175
OL-20462-01
show interface
port-channel
Displays information on traffic on the specified port-channel interface.
show port-channel
summary
Displays information on the port channels.
I Commands
interface vethernet
176
OL-20462-01
interface vethernet
To create a virtual Ethernet interface and enter interface configuration mode, use the interface vethernet
command. To remove a virtual Ethernet interface, use the no form of this command.
interface vethernet number
no interface vethernet number
Syntax Description
Defaults None
Command History
Usage Guidelines Use the interface vethernet command to create a virtual Ethernet interface.
Examples This example shows how to create a virtual Ethernet interface:
switch(config)# interface vethernet 50
switch(config-if)#
Related Commands
number Identifying interface number; valid values are from 1 to 1048575.
Command Description
show interface
vethernet number
Displays information about the traffic on the specified virtual Ethernet
interface.
I Commands
ip access-list
177
OL-20462-01
ip access-list
To create an access list, use the ip access-list command. To remove an access list, use the no form of
this command.
ip access-list {name | match-local-traffic}
no ip access-list {name | match-local-traffic}
Syntax Description
Defaults No access list exists.
Command History
Examples This example shows how to create an access list:
switch(config)# ip access-list acl1
switch(config)#
Related Commands
name List name.
match-local-traffic Enables access list matching for locally generated traffic.
Command Description
show access-lists Displays access lists.
I Commands
ip address
178
OL-20462-01
ip address
To create an IP route, use the ip address command. To remove an IP address, use the no form of this
command.
ip address {address mask | prefix} {next-hop | next-hop-prefix | interface-type interface-number}
[tag tag-value | preference]
no ip address {address mask | prefix} {next-hop | next-hop-prefix | interface-type interface-number}
[secondary | tag tag-value | preference]
Syntax Description
Defaults None
Command History
Examples This example shows how to create an IP address:
switch(config)# ip address 209.165.200.225 255.255.255.224 x
switch(config)#
address IP address, in format A.B.C.D.
mask IP network mask, in format A.B.C.D.
prefix IP prefix and network mask length, in format A.B.C.D/LEN.
next-hop IP next-hop address, in format A.B.C.D.
next-hop-prefix IP next-hop prefix in format A.B.C.D./LEN.
interface-type Interface type.
interface-number Interface or subinterface number.
secondary (Optional) Configures additional IP addresses on the interface.
tag (Optional) Specifies a supply tag.
tag-value Supply tag value. The range of valid values is 0 to 4294967295. The default is 0.
preference (Optional) Route preference.
I Commands
ip address
179
OL-20462-01
show ip interface
A.B.C.D.
Displays interfaces for local IP addresses.
I Commands
ip arp inspection limit
180
OL-20462-01
ip arp inspection limit
To set the rate limit of ARP requests and responses, use the ip arp inspection limit command. To remove
this setting, use the no form of this command. To set the rate limit to its default, use the default form of
this command.
ip arp inspection limit {rate pps [burst interval bint] | none}
no ip arp inspection limit {rate pps [burst interval bint] | none}
default ip arp inspection limit {rate pps [burst interval bint] | none}
Syntax Description
Defaults None
Command Modes Inteface configuration (config-if)
Port profile configuration (config-port-prof)
Command History
Examples This example shows how to set the rate limit of ARP requests to 20 pps:
switch(config)# ip arp inspection limit rate 20
This example shows how to remove the configuration:
switch(config)# no arp inspection limit rate 20
Related Commands
rate pps Specifies the rate limit in packets per second.
burst interval (Optional) Specifies the burst interval.
bint (Optional) Burst interval in seconds.
none Specifies that there is no limit.
Command Description
interface interface
Displays the trust state and the ARP packet rate for a specified interface.
I Commands
ip arp inspection trust
181
OL-20462-01
To configure a Layer 2 interface as a trusted ARP interface, use the ip arp inspection trust command.
To configure a Layer 2 interface as an untrusted ARP interface, use the no form of this command. To
return a Layer 2 interface to its default, use the default form of this command.
no ip arp inspection trust
default ip arp inspection trust
Defaults By default, all interfaces are untrusted ARP interfaces.
Command Modes Interface configuration (config-if)
Command History
Usage Guidelines You can configure only Layer 2 virtual Ethernet interfaces as trusted ARP interfaces.
Examples This example shows how to configure a Layer 2 interface as a trusted ARP interface:
switch(config-if)# ip arp inspection trust
switch(config-if)#
Related Commands
Command Description
interface
I Commands
ip arp inspection validate
182
OL-20462-01
To enable additional Dynamic ARP Inspection (DAI) validation, use the ip arp inspection validate
command. To disable additional DAI, use the no form of this command.
ip arp inspection validate {dst-mac [ip] [src-mac] | ip [dst-mac] [src-mac] | src-mac [dst-mac]
[ip]}
no ip arp inspection validate {dst-mac [ip] [src-mac] | ip [dst-mac] [src-mac] | src-mac
[dst-mac] [ip]}
Syntax Description
Defaults None
Command Modes Global configuration (config)
Command History
Usage Guidelines You must specify at least one keyword. If you specify more than one keyword, the order is irrelevant.
Examples This example shows how to enable additional DAI validation:
switch(config)# ip arp inspection validate src-mac dst-mac ip
switch(config)#
Related Commands
dst-mac (Optional) Enables validation of the destination MAC address in the Ethernet
header against the target MAC address in the ARP body for ARP responses. The
device classifies packets with different MAC addresses as invalid and drops them.
ip (Optional) Enables validation of the ARP body for invalid and unexpected IP
addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP multicast
addresses. The device checks the sender IP addresses in all ARP requests and
responses and checks the target IP addresses only in ARP responses.
src-mac (Optional) Enables validation of the source MAC address in the Ethernet header
against the sender MAC address in the ARP body for ARP requests and
responses. The devices classifies packets with different MAC addresses as invalid
and drops them.
I Commands
183
OL-20462-01
Command Description
show ip arp inspection Displays the DAI configuration status.
I Commands
ip arp inspection vlan
184
OL-20462-01
ip arp inspection vlan
To enable Dynamic ARP Inspection (DAI) for a list of VLANs, use the ip arp inspection vlan
command. To disable DAI for a list of VLANs, use the no form of this command.
ip arp inspection vlan vlan-list
no ip arp inspection vlan vlan-list
Syntax Description
Defaults None
Command History
Usage Guidelines By default, the device does not log packets inspected by DAI.
Examples This example shows how to enable DAI on VLANs 13, 15, and 17 through 23:
switch(config)# ip arp inspection vlan 13,15,17-23
switch(config)#
Related Commands
vlan-list VLANs on which DAI is active. The vlan-list argument allows you to specify a
single VLAN ID, a range of VLAN IDs, or comma-separated IDs and ranges (see
the Examples section). Valid VLAN IDs are from 1 to 4096.
Command Description
ip arp inspection
validate
Enables additional DAI validation.
vlan
Displays the DAI status for a specified list of VLANs.
I Commands
ip dhcp snooping
185
OL-20462-01
ip dhcp snooping
To globally enable DHCP snooping on the device, use the ip dhcp snooping command. To globally
disable DHCP snooping, use the no form of this command.
ip dhcp snooping
no ip dhcp snooping
Defaults By default, DHCP snooping is globally disabled.
Command History
Usage Guidelines To use this command, you must enable the DHCP snooping feature (see the feature dhcp command).
The device preserves DHCP snooping configuration when you disable DHCP snooping with the
no ip dhcp snooping command.
Examples This example shows how to globally enable DHCP snooping:
switch(config)# ip dhcp snooping
switch(config)#
Related Commands
Command Description
feature dhcp Enables the DHCP snooping feature on the device.
ip dhcp snooping trust Configures an interface as a trusted source of DHCP messages.
ip dhcp snooping vlan Enables DHCP snooping on the specified VLANs.
show ip dhcp snooping Displays general information about DHCP snooping.
I Commands
ip dhcp snooping limit rate
186
OL-20462-01
ip dhcp snooping limit rate
To configure a rate limit for DHCP packets that are received on a port, use the ip dhcp snooping limit
rate command. To remove the rate limit for DHCP packets that are received on each port, use the no
form of this command. To restore the default setting, use the default form of this command.
ip dhcp snooping limit rate rate
no ip dhcp snooping limit rate
default ip dhcp snooping limit rate
Syntax Description
Defaults None
Command History
Examples This example shows how to limit the rate of DHCP packets to 30 pps on vEthernet interface 3:
switch(config-if)# ip dhcp snooping limit rate 30
Related Commands
rate Number of DHCP packets per second. The range is from 1 to 2048.
Command Description
I Commands
ip dhcp snooping trust
187
OL-20462-01
To configure an interface as a trusted source of DHCP messages, use the ip dhcp snooping trust
command. To configure an interface as an untrusted source of DHCP messages, use the no form of this
no ip dhcp snooping trust
default ip dhcp snooping trust
Defaults By default, no interface is a trusted source of DHCP messages.
Command History
Usage Guidelines You can configure DHCP trust on the following types of interfaces:
Layer 2 vEthernet interfaces
Private VLAN interfaces
Examples This example shows how to configure an interface as a trusted source of DHCP messages:
switch(config-if)# ip dhcp snooping trust
switch(config-if)#
Related Commands
Command Description
ip dhcp snooping Globally enables DHCP snooping on the device.
ip dhcp snooping
verify mac-address
Enables MAC address verification as part of DHCP snooping.
I Commands
188
OL-20462-01
ip dhcp snooping vlan Enables DHCP snooping on the specified VLANs.
Command Description
I Commands
ip dhcp snooping vlan
189
OL-20462-01
ip dhcp snooping vlan
To enable DHCP snooping on one or more VLANs, use the ip dhcp snooping vlan command. To disable
DHCP snooping on one or more VLANs, use the no form of this command.
ip dhcp snooping vlan vlan-list
no ip dhcp snooping vlan vlan-list
Syntax Description
Defaults By default, DHCP snooping is not enabled on any VLAN.
Command History
Examples This example shows how to enable DHCP snooping on VLANs 100, 200, and 250 through 252:
switch(config)# ip dhcp snooping vlan 100,200,250-252
switch(config)#
Related Commands
vlan-list Range of VLANs on which to enable DHCP snooping. The vlan-list argument
allows you to specify a single VLAN ID, a range of VLAN IDs, or
comma-separated IDs and ranges (see the Examples section). Valid VLAN IDs
are from 1 to 4096.
Command Description
ip dhcp snooping trust Configures an interface as a trusted source of DHCP messages.
I Commands
ip directed-broadcast
190
OL-20462-01
To enable IP directed broadcast, use the ip directed-broadcast command. To disable IP directed
broadcast, use the no form of this command.
no ip directed-broadcast
Defaults None
Command History
Examples This example shows how to enable IP directed broadcast:
switch(config)# interface mgmt 0
switch(config-if)# ip directed-broadcast
switch(config-if)#
Related Commands
Command Description
show ip interface Displays IP interface information.
I Commands
ip flow monitor
191
OL-20462-01
ip flow monitor
To enable a Flexible NetFlow flow monitor for traffic that the router is receiving or forwarding, use the
ip flow monitor interface configuration mode command. To disable a Flexible NetFlow flow monitor,
ip flow monitor monitor-name {input | output}
no ip flow monitor monitor-name {input | output}
Syntax Description
Defaults Disabled.
Command History
Usage Guidelines You must have already created a flow monitor by using the flow monitor command before you can apply
the flow monitor to an interface with the ip flow monitor command to enable traffic monitoring with
Flexible NetFlow.
Examples The following example enables a flow monitor for monitoring input traffic:
switch(config)# interface ethernet0/0
switch(config-if)# ip flow monitor FLOW-MONITOR-1 input
The following example enables a flow monitor for monitoring output traffic:
switch(config-if)# ip flow monitor FLOW-MONITOR-1 output
The following example enables the same flow monitor on the same interface for monitoring input and
output traffic:
monitor-name Name of a flow monitor that you previously configured.
input Monitors traffic that the routers is receiving on the interface.
output Monitors traffic that the routers is transmitting on the interface.
I Commands
ip flow monitor
192
OL-20462-01
The following example enables two different flow monitors on the same interface for monitoring input
and output traffic:
The following example enables the same flow monitor on two different interfaces for monitoring input
and output traffic:
The following example enables two different flow monitors on two different interfaces for monitoring
input and output traffic:
flow exporter Creates a flow exporter.
I Commands
ip igmp snooping (Global)
193
OL-20462-01
ip igmp snooping (Global)
To enable IGMP snooping, use the ip igmp snooping command. To disable IGMP snooping, use the no
form of this command.
ip igmp snooping
no ip igmp snooping
Defaults Enabled
Command History
Usage Guidelines If the global configuration of IGMP snooping is disabled, then all VLANs are treated as disabled,
whether they are enabled or not.
Examples This example shows how to enable IGMP snooping:
switch(config)# ip igmp snooping
switch(config)#
This example shows how to disable IGMP snooping:
switch(config)# no ip igmp snooping
switch(config)#
Related Commands
Command Description
show ip igmp snooping Displays IGMP snooping information.
I Commands
ip igmp snooping (VLAN)
194
OL-20462-01
ip igmp snooping (VLAN)
To enable IGMP snooping on a VLAN interface, use the ip igmp snooping command. To disable IGMP
snooping on the interface, use the no form of this command.
ip igmp snooping
no ip igmp snooping
Defaults Enabled
Command Modes VLAN configuration (config-vlan)
Command History
Usage Guidelines If the global configuration of IGMP snooping is disabled, then all VLANs are treated as disabled,
whether they are enabled or not.
Examples This example shows how to enable IGMP snooping on a VLAN interface:
switch(config)# vlan 1
switch(config-vlan)# ip igmp snooping
switch(config-vlan)#
This example shows how to disable IGMP snooping on a VLAN interface:
switch(config-vlan)# no ip igmp snooping
Related Commands
Command Description
I Commands
ip igmp snooping explicit-tracking
195
OL-20462-01
To enable tracking of IGMPv3 membership reports from individual hosts for each port on a per-VLAN
basis, use the ip igmp snooping explicit-tracking command. To disable tracking, use the no form of
this command.
no ip igmp snooping explicit-tracking
Defaults Enabled
Command History
Usage Guidelines
Examples This example shows how to enable tracking of IGMPv3 membership reports on a VLAN interface:
switch(config-vlan)# ip igmp snooping explicit-tracking
This example shows how to disable IGMP snooping on a VLAN interface:
switch(config-vlan)# no ip igmp snooping explicit-tracking
Related Commands
Command Description
I Commands
ip igmp snooping fast-leave
196
OL-20462-01
To enable support of IGMPv2 hosts that cannot be explicitly tracked because of the host report
suppression mechanism of the IGMPv2 protocol, use the ip igmp snooping fast-leave command. To
disable support of IGMPv2 hosts, use the no form of this command.
no ip igmp snooping fast-leave
Defaults Disabled
Command History
Usage Guidelines When you enable fast leave, the IGMP software assumes that no more than one host is present on each
VLAN port.
Examples This example shows how to enable support of IGMPv2 hosts:
switch(config-vlan)# ip igmp snooping fast-leave
This example shows how to disable support of IGMPv2 hosts:
switch(config-vlan)# no ip igmp snooping fast-leave
Related Commands
Command Description
I Commands
ip igmp snooping last-member-query-interval
197
OL-20462-01
ip igmp snooping last-member-query-interval
To configure a query interval in which the software removes a group, use the ip igmp snooping
last-member-query-interval command. To reset the query interval to the default, use the no form of
this command.
ip igmp snooping last-member-query-interval interval
no ip igmp snooping last-member-query-interval [interval]
Syntax Description
Defaults The query interval is 1.
Command History
Usage Guidelines
Examples This example shows how to configure a query interval in which the software removes a group:
switch(config-vlan)# ip igmp snooping last-member-query-interval 3
This example shows how to reset a query interval to the default:
switch(config-vlan)# no ip igmp snooping last-member-query-interval
Related Commands
interval Query interval in seconds. The range is from 1 to 25. The default is 1.
Command Description
I Commands
ip igmp snooping mrouter interface
198
OL-20462-01
ip igmp snooping mrouter interface
To configure a static connection to a multicast router, use the ip igmp snooping mrouter interface
command. To remove the static connection, use the no form of this command.
ip igmp snooping mrouter interface if-type if-number
no ip igmp snooping mrouter interface if-type if-number
Syntax Description
Defaults None
Command History
Usage Guidelines The interface to the router must be in the selected VLAN.
Examples This example shows how to configure a static connection to a multicast router:
switch(config-vlan)# ip igmp snooping mrouter interface ethernet 2/1
This example shows how to remove a static connection to a multicast router:
switch(config-vlan)# no ip igmp snooping mrouter interface ethernet 2/1
Related Commands
if-type Interface type. For more information, use the question mark (?) online help function.
if-number Interface or subinterface number. For more information about the numbering syntax
for your networking device, use the question mark (?) online help function.
Command Description
I Commands
ip igmp snooping report-suppression (Global)
199
OL-20462-01
ip igmp snooping report-suppression (Global)
To configure IGMPv1 or GMPv2 report suppression for VLANs, use the ip igmp snooping
report-suppression command. To remove IGMPv1 or GMPv2 report suppression, use the no form of
this command.
ip igmp snooping report-suppression
no ip igmp snooping report-suppression
Defaults Enabled
Command History
Usage Guidelines
Examples This example shows how to configure IGMPv1 or GMPv2 report suppression for VLANs:
switch(config)# ip igmp snooping report-suppression
This example shows how to remove IGMPv1 or GMPv2 report suppression:
switch(config)# no ip igmp snooping report-suppression
Related Commands
Command Description
I Commands
ip igmp snooping report-suppression (VLAN)
200
OL-20462-01
ip igmp snooping report-suppression (VLAN)
To configure IGMPv1 or GMPv2 report suppression for VLANs, use the ip igmp snooping
report-suppression command. To remove IGMPv1 or GMPv2 report suppression, use the no form of
this command.
ip igmp snooping report-suppression
no ip igmp snooping report-suppression
Defaults Enabled
Command History
Usage Guidelines
Examples This example shows how to configure IGMPv1 or GMPv2 report suppression for VLANs:
switch(config-vlan)# ip igmp snooping report-suppression
This example shows how to remove IGMPv1 or GMPv2 report suppression:
switch(config-vlan)# no ip igmp snooping report-suppression
Related Commands
Command Description
I Commands
ip igmp snooping static-group
201
OL-20462-01
ip igmp snooping static-group
To configure a Layer 2 port of a VLAN as a static member of a multicast group, use the ip igmp
snooping static-group command. To remove the static member, use the no form of this command.
ip igmp snooping static-group group interface if-type if-number
no ip igmp snooping static-group group interface if-type if-number
Syntax Description
Defaults None
Command History
Usage Guidelines You can specify the interface by the type and the number, such as ethernet slot/port.
Examples This example shows how to configure a static member of a multicast group:
switch(config-vlan)# ip igmp snooping static-group 230.0.0.1 interface ethernet 2/1
This example shows how to remove a static member of a multicast group:
switch(config-vlan)# no ip igmp snooping static-group 230.0.0.1 interface ethernet 2/1
Related Commands
group Group IP address.
interface Specifies interface for static group.
if-type Interface type. For more information, use the question mark (?) online help function.
if-number Interface or subinterface number. For more information about the numbering syntax
for your networking device, use the question mark (?) online help function.
Command Description
I Commands
ip igmp snooping v3-report-suppression (Global)
202
OL-20462-01
ip igmp snooping v3-report-suppression (Global)
To configure IGMPv3 report suppression and proxy reporting, use the ip igmp snooping
v3-report-suppression command. To remove IGMPv3 report suppression and proxy reporting, use the
ip igmp snooping v3-report-suppression
no ip igmp snooping v3-report-suppression
Defaults Disabled
Command History
Usage Guidelines
Examples This example shows how to configure IGMPv3 report suppression and proxy reporting:
switch(config)# ip igmp snooping v3-report-suppression
This example shows how to remove IGMPv3 report suppression and proxy reporting:
switch(config)# no ip igmp snooping v3-report-suppression
Related Commands
Command Description
I Commands
ip igmp snooping v3-report-suppression (VLAN)
203
OL-20462-01
ip igmp snooping v3-report-suppression (VLAN)
To configure IGMPv3 report suppression and proxy reporting for VLANs, use the ip igmp snooping
v3-report-suppression command. To remove IGMPv3 report suppression, use the no form of this
command.
ip igmp snooping v3-report-suppression
no ip igmp snooping v3-report-suppression
Defaults Disabled
Command History
Usage Guidelines
Examples This example shows how to configure IGMPv3 report suppression and proxy reporting for VLANs:
switch(config-vlan)# ip igmp snooping v3-report-suppression
This example shows how to remove IGMPv3 report suppression and proxy reporting for VLANs:
switch(config-vlan)# no ip igmp snooping v3-report-suppression
Related Commands
Command Description
I Commands
ip port access-group
204
OL-20462-01
ip port access-group
To create an access group, use the ip port access-group command. To remove access control, use the
ip port access-group name {in | out}
no ip port access-group name {in | out}
Syntax Description
Defaults No access group exists.
Command History
Usage Guidelines You create an access group to specify in an ACL the access control of packets.
Examples This example shows how to create an access group:
switch(config)# port-profile 1
switch(config-port-prof)# ip port access-group group1 in
switch(config-port-prof)#
Related Commands
name Group name. The range of valid values is 1 to 64.
in Specifies inbound traffic.
out Specifies outbound traffic.
Command Description
show access-lists Displays access lists.
show port-profile Displays port profile information.
I Commands
ip source binding
205
OL-20462-01
ip source binding
To create a static IP source entry for a Layer 2 vEthernet interface, use the ip source binding command.
To disable the static IP source entry, use the no form of this command.
ip source binding IP-address MAC-address vlan vlan-id interface vethernet interface-number
no ip source binding IP-address MAC-address vlan vlan-id interface vethernet interface-number
Syntax Description
Defaults None
Command History
Usage Guidelines By default, there are no static IP source entries.
Examples This example shows how to create a static IP source entry that is associated with VLAN 100 on vEthernet
interface 3:
switch(config)# ip source binding 10.5.22.7 001f.28bd.0013 vlan 100 interface vethernet 3
switch(config)#
Related Commands
IP-address IPv4 address to be used on the specified interface. Valid entries are in
dotted-decimal format.
MAC-address MAC address to be used on the specified interface. Valid entries are in
dotted-hexadecimal format.
vlan vlan-id Specifies the VLAN associated with the IP source entry.
interface
vethernet
interface-number
Specifies the Layer 2 vEthernet interface associated with the static IP entry.
Command Description
ip verify source
dhcp-snooping-vlan
Enables IP Source Guard on an interface.
show ip verify source Displays IP-to-MAC address bindings.
I Commands
ip source-route
206
OL-20462-01
ip source-route
To enable an IP source route, use the ip source-route command. To disable an IP source route, use the
ip source-route
no ip source-route
Defaults None
Command History
Examples This example shows how to enable an IP source route:
switch(config)# ip source-route
switch(config)#
Related Commands
Command Description
show ip static-route Displays static routes.
I Commands
ip verify source dhcp-snooping-vlan
207
OL-20462-01
To enable IP Source Guard on a Layer 2 vEthernet interface, use the ip verify source
dhcp-snooping-vlan command. To disable IP Source Guard on an interface, use the no form of this
no ip verify source dhcp-snooping-vlan
default ip verify source dhcp-snooping-vlan
Defaults None
Command History
Usage Guidelines By default, IP Source Guard is not enabled on any interface.
Examples This example shows how to enable IP Source Guard on an interface:
switch(config-if)# ip verify source dhcp-snooping-vlan
switch(config-if)#
Related Commands
Command Description
ip source binding Creates a static IP source entry for the specified vEthernet interface.
show ip verify source Displays IP-to-MAC address bindings.
I Commands
208
OL-20462-01
209
OL-20462-01
L Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter L.
L Commands
limit-resource erspan-flow-id minimum
210
OL-20462-01
limit-resource erspan-flow-id minimum
To configure the range of allowed ERSPAN flow IDs, use the limit-resource erspan-flow-id minimum
command. To remove the configuration, use the no form of this command.
limit-resource erspan-flow-id minimum min-val maximum max-val
no limit-resource erspan-flow-id
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to restrice the range of allowed ERSPAN flow IDs to the range, 1-80:
n1000v(config)# limit-resource erspan-flow-id minimum 1 maximum 80
This example shows how to restore the default range of ERSPAN flow IDs:
switch(config)# no limit-resource erspan-flow-id
Related Commands
min-val Minimum ERSPAN flow ID number allowed.
maximum Configures the maximum range value for ERSPAN flow IDs.
max-val Maximum ERSPAN flow ID number allowed.
Command Description
erspan-id Adds an ERSPAN ID (1-1023) to the session configuration and saves it in
the running configuration.
show monitor session Displays the ERSPAN session configuration as it exists in the running
configuration.
monitor session Creates an ERSPAN session.
L Commands
line console
211
OL-20462-01
line console
To enter console configuration mode, use the line console command. To exit console configuration
mode, use the no form of this command.
line console
no line console
Defaults None
Command History
Examples This example shows how to enter console configuration mode:
switch(config)# line console
switch(config-console)#
L Commands
line vty
212
OL-20462-01
line vty
To enter line configuration mode, use the line vty command. To exit line configuration mode, use the no
line vty
no line vty
Defaults None
Command History
Examples This example shows how to enter line configuration mode:
switch(config-line)#
L Commands
logging console
213
OL-20462-01
logging console
Use the logging console command to enable logging messages to the console session.
To disable logging messages to the console session, use the no form of this command.
logging console [severity-level]
no logging console
Syntax Description
Defaults None
Command History
Usage Guidelines
severity-level

The severity level at which you want messages to be logged. When you set a
severity level, for example 4, then messages at that severity level and higher
(0 through 4) are logged.
Severity levels are as follows:
Level Designation Definition
0 Emergency System unusable *the highest level*
1 Alert Immediate action needed
2 Critical Critical conditiondefault level
3 Error Error condition
4 Warning Warning condition
5 Notification Normal but significant condition
6 Informational Informational message only
7 Debugging Appears during debugging only
L Commands
logging console
214
OL-20462-01
Examples This example shows how to enable logging messages with a severity level of 4 (warning) or higher to
the console session:
switch(config)# logging console 4
switch(config)#
show logging console Displays the console logging configuration.
L Commands
logging event
215
OL-20462-01
logging event
Use the logging event command to log interface events.
logging event {link-status | trunk-status} {enable | default}
no logging event {link-status | trunk-status} {enable | default}
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to log interface events:
switch(config)# logging event link-status default
switch(config)#
Related Commands
link-status Log all up/down and change status messages.
trunk-status Log all trunk status messages.
default The default logging configuration is used.
enable Enables interface logging to override the port level logging configuration.
Command Description
show logging Displays the logging configuration and contents of logfile.
L Commands
logging level
216
OL-20462-01
logging level
Use the logging level command to enable the logging of messages as follows:
from a named facility (such as license or aaa)
of a specified severity level or higher
To disable the logging of messages, use the no form of this command.
logging level facility severity-level
no logging level facility severity-level
Syntax Description
Defaults None
Command History
facility Names the facility.
severity-level

L Commands
logging level
217
OL-20462-01
Usage Guidelines To apply the same severity level to all facilities, use the following command:
logging level all level_number
To list the available facilities for which messages can be logged, use the following command:
logging level ?
Examples This example shows how to enable logging messages from the AAA facility that have a severity level of
0 through 2:
switch(config)# logging level aaa 2
switch(config)#
This example shows how to enable logging messages from the license facility with a severity level of
0 through 4; and then display the license logging configuration:
switch(config)# logging level license 4
switch(config)# show logging level license
Facility Default Severity Current Session Severity
-------- ---------------- ------------------------
licmgr 6 4
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
switch(config)#
show logging level Displays the facility logging level configuration.
logging level ? Lists the available facilities for which messages can be logged.
L Commands
logging logfile
218
OL-20462-01
logging logfile
Use the logging logfile command to configure the log file used to store system messages.
To remove a configuration, use the no form of this command.
logging logfile logfile-name severity-level [size bytes]
no logging logfile [logfile-name severity-level [size bytes]]]
Syntax Description
Defaults None
Command History
Usage Guidelines
logfile-name Specifies the name of the log file that stores system messages.
severity-level

size bytes (Optional) Specifies the log file size in bytes, from 4096 to 10485760 bytes.
The default file size is 10485760 bytes.
L Commands
logging logfile
219
OL-20462-01
Examples This example shows how to configure a log file named logfile to store system messages and set its
severity level to 4:
switch# config t
switch(config)# logging logfile logfile 4
switch(config)#
show logging logfile Displays the contents of the log file.
L Commands
logging module
220
OL-20462-01
logging module
To start logging of module messages to the log file, use the logging module command. To stop module
log messages, use the no form of this command.
logging module [severity]
no logging module [severity]
Syntax Description
Defaults Disabled
If you start logging of module messages, and do not specify a severity, then the default is used,
Notification (5).
Command History
Usage Guidelines
severity-level

The severity level at which you want messages to be logged. If you do not specify
a severity level, the default is used. When you set a severity level, for example 4,
then messages at that severity level and higher (0 through 4) are logged.
5 Notification Normal but significant condition (the default)
L Commands
logging module
221
OL-20462-01
Examples This example shows how to start logging of module messages to the log file at the default severity level
(severity 4):
switch(config)# logging module
switch(config)#
This example shows how to stop the logging of module messages to the log file:
switch(config)# no logging module
switch#
show logging module Displays the current configuration for logging module messages to the log
file.
L Commands
logging monitor
222
OL-20462-01
logging monitor
Use the logging monitor command to enable the logging of messages to the monitor (terminal line). This
configuration applies to telnet and SSH sessions.
To disable monitor logging, use the no form of this command.
logging monitor [severity-level]
no logging monitor
Syntax Description
Defaults None
Supported User Roles Network-admin
Command History
Usage Guidelines
severity-level

The severity level at which you want messages to be logged. If you do not specify
a severity level, the default is used. When you set a severity level, for example 4,
then messages at that severity level and higher (0 through 4) are logged.
5 Notification Normal but significant condition (the default)
L Commands
logging monitor
223
OL-20462-01
Examples This example shows how to enable monitor log messages:
switch(config)# logging monitor
switch(config)#
show logging monitor Displays the monitor logging configuration.
L Commands
logging server
224
OL-20462-01
logging server
Use the logging server command to designate and configure a remote server for logging system
messages. Use the no form of this command to remove or change the configuration,
logging server host0 [i1 [use-vrf s0 [facility {auth | authpriv | cron | daemon | ftp | kernel | local0
| local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user |
uucp}]]]
no logging server host0 [i1 [use-vrf s0 [facility {auth | authpriv | cron | daemon | ftp | kernel |
local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | syslog | user
| uucp}]]]
Syntax Description
Defaults None
host0 Hostname/IPv4/IPv6 address of the Remote Syslog Server.
i1 (Optional) 0-emerg;1-alert;2-crit;3-err;4-warn;5-notif;6-inform;7-debug.
use-vrf s0 (Optional) Enter VRF name, default is management + VRF name,default
management.
facility (Optional) Facility to use when forwarding to server.
auth Use auth facility.
authpriv Use authpriv facility.
cron Use Cron/at facility.
daemon Use daemon facility.
ftp Use file transfer system facility.
kernel Use kernel facility.
local0 Use local0 facility.
lpr Use lpr facility.
mail Use mail facility.
news Use USENET news facility.
syslog Use syslog facility.
user Use user facility.
uucp Use Unix-to-Unix copy system facility.
L Commands
logging server
225
OL-20462-01
Command History
Usage Guidelines
Examples This example shows how to configure a remote syslog server at a specified IPv4 address, using the
default outgoing facility:
switch(config)# logging server 172.28.254.253
switch(config)#
This example shows how to configure a remote syslog server at a specified host name, with severity level
5 or higher:
switch(config)# logging server syslogA 5
switch(config)#
Related Commands
Command Description
show logging server Displays the current server configuration for logging system messages.
L Commands
logging timestamp
226
OL-20462-01
logging timestamp
To set the unit of measure for the system messages timestamp, use the logging timestamp command. To
restore the default unit of measure, use the no form of this command.
logging timestamp {microseconds | milliseconds | seconds}
no logging timestamp {microseconds | milliseconds | seconds}
Syntax Description
Defaults Seconds
Command History
Usage Guidelines
Examples This example shows how to set microseconds as the unit of measure for the system messages timestamp:
switch(config)# logging timestamp microseconds
switch(config)#
Related Commands
microseconds Timestamp in micro-seconds.
milliseconds Timestamp in milli-seconds.
seconds Timestamp in seconds (Default).
Command Description
show logging
timestamp
Displays the logging timestamp configuration.
227
OL-20462-01
M Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter M.
mac access-list
To create a MAC ACL, use the mac access-list command. To remove the MAC ACL, use the no form of
this command.
mac access-list name
no mac access-list name
Syntax Description
Defaults The MAC ACL does not exist.
Command History
Examples This example shows how to create a MAC ACL:
switch(config)# mac access-list aL1
switch(config)#
name List name. The range of valid values is 1 to 64.
M Commands
mac access-list
228
OL-20462-01
show access-list Displays access list information.
M Commands
mac address-table aging-time
229
OL-20462-01
To configure the aging time for entries in the Layer 2 table, use the mac address-table aging-time
command. To return to the default settings, use the no form of this command.
mac address-table aging-time seconds [vlan vlan_id]
no mac address-table aging-time [vlan vlan_id]
Syntax Description
Defaults 1800 seconds
Command History
Usage Guidelines Enter 0 seconds to disable the aging process.
The age value may be rounded off to the nearest multiple of 5 seconds. If the system rounds the value to
a different value from that specified by the user (from the rounding process), the system returns an
informational message.
When you use this command in the global configuration mode, the age values of all VLANs for which
a configuration has not been specified are modified and those VLANs with specifically modified aging
times are not modified. When you use the no form of this command without the VLAN parameter, only
those VLANs that have not been specifically configured for the aging time reset to the default value.
Those VLANs with specifically modified aging times are not modified.
When you use this command and specify a VLAN, the aging time for only the specified VLAN is
modified. When you use the no form of this command and specify a VLAN, the aging time for the VLAN
is returned to the current global configuration for the aging time, which may or may not be the default
value of 300 seconds depending if the global configuration of the device for aging time has been
changed.
Aging time is counted from the last time that the switch detected the MAC address.
seconds Aging time for MAC table entries for Layer 2. The range is from 120 to 918000
seconds. The default is 1800 seconds. Entering 0 disables the aging time.
vlan vlan_id (Optional) Specifies the VLAN to apply the changed aging time.
M Commands
230
OL-20462-01
Examples This example shows how to change the length of time an entry remains in the MAC address table to 500
seconds for the entire device:
switch(config)# mac address-table aging-time 500
switch(config)#
show mac
address-table
Displays information about the MAC address table.
clear mac
address-table
aging-time
Displays information about the MAC address aging time.
M Commands
mac address-table static
231
OL-20462-01
To configure a static entry for the Layer 2 MAC address table, use the mac address-table static
command. To delete the static entry, use the no form of this command.
mac address-table static mac-address vlan vlan-id {[drop | interface {type slot/port |
port-channel number]}
no mac address-table static {address mac_addr} {vlan vlan_id}
Syntax Description
Defaults None
Command History
Usage Guidelines You cannot apply the mac address-table static mac-address vlan vlan-id drop command to a multicast
MAC address.
The output interface specified cannot be a VLAN interface or a Switched Virtual Interface (SVI).
Use the no form to remove entries that are profiled by the combination of specified entry information.
mac-address Specifies the MAC address to add to the table. Use the format
XXXX.XXXX.XXXX.
vlan vlan-id Specifies the VLAN to apply static MAC address; valid values are from 1 to
4094.
drop Drops all traffic that is received from and going to the configured MAC address
in the specified VLAN.
type slot/port (Optional) Specifies the interface. Use the type of interface, the slot number,
and the port number.
port-channel
number
(Optional) Specifies the interface. Use the port-channel number.
M Commands
232
OL-20462-01
Examples This example shows how to add a static entry to the MAC address table:
switch(config)# mac address-table static 0050.3e8d.6400 vlan 3 interface ethernet 2/1
switch(config)#
show mac
address-table
Displays information about MAC address table.
M Commands
mac port access-group
233
OL-20462-01
mac port access-group
To enable access control for port groups, use the mac port access-group command. To disable access
control for port groups, use the no form of this command.
mac port access-group name {in | out}
no mac port access-group name {in | out}
Syntax Description
Defaults Access control for packets is not specified.
Command History
Examples This example shows how to enable access control for port groups:
switch(config)# port-profile 1
switch(config-port-prof)# mac port access-group groupOne in
Related Commands
name Group name. The range of valid values is 1 to 64.
in Specifies inbound traffic.
out Specifies outbound traffic.
Command Description
show mac Displays MAC information.
M Commands
match (ACL)
234
OL-20462-01
match (ACL)
To define ACL matching criteria, use the match command. To remove matching criteria, use the no form
of this command.
match {{access-group name name} | {[not] cos cos-list} | {[not] dscp {dscp-list | dscp-enum}+}
| {[not] precedence {precedence-list | prec-enum}+} | {[not] discard-class discard-class-list}
| {[not] qos-group qos-group-list} | {[not] class-map cmap-name} | {[not] packet length
len-list} | {[not] ip rtp port-list}}
no match {{access-group name acl-name} | {[not] cos cos-list} | {[not] dscp {dscp-list |
dscp-enum}+} | {[not] precedence {precedence-list | prec-enum}+} | {[not] discard-class
discard-class-list} | {[not] qos-group qos-group-list} | {[not] class-map cmap-name} | {[not]
packet length len-list} | {[not] ip rtp port-list}}
Syntax Description
Defaults None
access-group Specifies the access group.
name Specifies the ACL name.
name ACL name. The range of valid values is 1 to 64.
not (Optional) Negates the match result.
cos IEEE 802.1Q CoS (Class of Service).
cos-list List of CoS values. The range of valid values is 0 to 7.
dscp DSCP in IP(v4) and IPv6 packets.
dscp-list List of DSCP values.
dscp-enum .
precedence Precedence in IP(v4) and IPv6 packets.
precedence-list List of precedence values.
prec-enum .
discard-class
discard-class-li
st
Discard class + List of discard-class values.
qos-group
qos-group-list
Qos-group + List of qos-group values.
class-map
cmap-name
Class map + Match class-map name.
packet Packet.
length Length of IP datagram.
len-list list of IP packet length.
ip IP.
rtp Real Time Protocol.
port-list UDP port list that are using RTP.
M Commands
match (ACL)
235
OL-20462-01
Command Modes Class map configuration (config-cmap-qos
Command History
Usage Guidelines
Examples This example shows how to configure a class-map match criteria:
switch(config)# class-map cl_map1
switch(config-cmap-qos)# match access-group name ac_gr1
This example shows how to remove the class-map match criteria:
switch(config)# class-map cl_map1
switch(config-cmap-qos)# no match access-group name ac_gr1
Related Commands
Command Description
show class map Displays class map information.
M Commands
match ip (NetFlow)
236
OL-20462-01
match ip (NetFlow)
To define IP matching criteria for a NetFlow flow record, use the match ip command. To remove the
matching criteria, use the no form of this command.
match ip {protocol | tos}
no match ip {protocol | tos}
Syntax Description
Defaults None
Command Modes Flow Record Configuration (config-flow-record)
Command History
Usage Guidelines
Examples This example shows how to configure IP matching criteria for a NetFlow flow record and then display
the result:
n1000v# config t
n1000v(config-flow-record)# match ip protocol
n1000v(config-flow-record)# show flow record
Flow record RecordTest:
No. of users: 0
Template ID: 0
Fields:
match ip protocol
doc-n1000v(config-flow-record)#
This example shows how to remove the IP matching criteria for a NetFlow flow record a and then display
the result:
n1000v# config t
protocol Protocol.
tos Type of service.
M Commands
match ip (NetFlow)
237
OL-20462-01
n1000v(config-flow-record)# no match ip protocol
No. of users: 0
Template ID: 0
Fields:
show flow record [name] Displays a NetFlow flow record configuration.
match ipv4 Defines IPv4 matching criteria for a NetFlow flow record
match transport Defines transport matching criteria for a NetFlow flow record
M Commands
match ipv4 (NetFlow)
238
OL-20462-01
To define IPv4 matching criteria for a NetFlow flow record, use the match ipv4 command. To remove
the matching criteria, use the no form of this command.
match ipv4 {source | destination} address
no match ipv4 {source | destination} address
Syntax Description
Defaults None

Command History
Usage Guidelines
Examples This example shows how to configure IPv4 matching criteria for a NetFlow flow record and then display
the result:
n1000v# config t
n1000v(config-flow-record)# match ipv4 destination address
Description: Ipv4flow
No. of users: 0
Template ID: 0
Fields:
match ipv4 destination address
collect counter packets
n1000v(config-flow-record)#
source Source Address.
destination Destination Address.
address Address.
M Commands
239
OL-20462-01
This example shows how to remove the IPv4 matching criteria for a NetFlow flow record a and then
display the result:
n1000v# config t
n1000v(config-flow-record)# no match ipv4 destination address
No. of users: 0
Template ID: 0
Fields:
match ip Defines IP matching criteria for a NetFlow flow record
match transport Defines transport matching criteria for a NetFlow flow record
M Commands
match transport (NetFlow)
240
OL-20462-01
To define transport matching criteria for a NetFlow flow record, use the match transport command. To
remove the matching criteria, use the no form of this command.
match transport {destination-port | source-port}
no match transport {destination-port | source-port}
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure transport matching criteria for a NetFlow flow record and then
display the result:
n1000v# config t
n1000v(config-flow-record)# match transport destination-port
Description: Ipv4flow
No. of users: 0
Template ID: 0
Fields:
match ipv4 destination-port
collect counter packets
n1000v(config-flow-record)#
destination-port Transport destination port.
source-port Transport source port.
M Commands
241
OL-20462-01
This example shows how to remove the transport matching criteria for a NetFlow flow record a and then
display the result:
n1000v# config t
n1000v(config-flow-record)# no match transport destination-port
No. of users: 0
Template ID: 0
Fields:
match ip Defines IP matching criteria for a NetFlow flow record
match ipv4 Defines IPv4 matching criteria for a NetFlow flow record
M Commands
media
242
OL-20462-01
media
To specify the media type of a VLAN as Ethernet, use the media command. To remove the type, use the
media ethernet
no media
Syntax Description
Defaults None
Command History
Examples This example shows how to configure media type:
switch(config)# media ethernet
switch(config)#
Related Commands
ethernet Specifies Ethernet media type.
Command Description
show vlan Displays VLAN information.
M Commands
mkdir
243
OL-20462-01
mkdir
To create a new directory, use the mkdir command.
mkdir {bootflash: | debug: | volatile:}
Syntax Description
Defaults None
Command Modes EXEC
Command History
Examples This example shows how to create the bootflash: directory:
switch# mkdir bootflash:
Related Commands
bootflash: Specifies bootflash as the directory name.
debug: Specifies debug as the directory name.
volatile: Specifies volatile as the directory name.
Command Description
M Commands
module vem
244
OL-20462-01
module vem
To enter commands on the VEM remotely from the Cisco Nexus 1000V, use the module vem command.
module vem module-number execute line [line]
Syntax Description
Defaults None
Command Modes EXEC
Command History
Examples This example shows how to display the VEM port profile configuration remotely from the Cisco Nexus
1000V:
n1000v# module vem 3 execute vemcmd show port-profile
This example shows how to display the VEM VSD configuration remotely from the Cisco Nexus 1000V:
n1000v# module vem 3 execute vemcmd show vsd
ID Def_Act ILTL OLTL NMLTL State Member LTLs
1 DROP 48 49 4 ENA 54,52,55,53
2 FRWD 50 51 0 ENA
vsim-cp# module vem 3 execute vemcmd show vsd ports
LTL IfIndex VSD_ID VSD_PORT_TYPE
48 1b020000 1 INSIDE
49 1b020010 1 OUTSIDE
50 1b020020 2 INSIDE
51 1b020030 2 OUTSIDE
52 1b020040 1 REGULAR
53 1b020050 1 REGULAR
54 1b020060 1 REGULAR
55 1b020070 1 REGULAR
n1000v#
Related Commands
module-number Specifies the module number. The range is 3 to 66.
execute Specifies the command to execute on the VEM.
line The syntax of the command to be sent to the VEM.
Command Description
show module vem Displays Virtual Ethernet Module information.
M Commands
monitor session
245
OL-20462-01
monitor session
To enter the Monitor Configuration mode for configuring an Ethernet switch port analyzer (SPAN)
session for analyzing traffic between ports, use the monitor session command.
To disable monitoring a SPAN session(s), use the no form of this command.
monitor session {session-number [shut | type erspan-source] | all shut}
no monitor session {session-number [shut | type erspan-source] | all shut}
Syntax Description
Defaults None
Command History
Examples This example shows how to enter the Monitor Configuration mode for configuring SPAN session number
2 for analyzing traffic between ports:
switch# configuration t
This example shows how to remove the configuration for SPAN session 2 for analyzing traffic between
ports:
switch# configuration t
switch(config)# no monitor session 2
switch(config)#
Related Commands
session-number Specifies the session number for monitoring a switched port. SPAN sessions are
numbered from 1 to 64.
shut (Optional) Shuts the selected session.
type (Optional) Specifies a session type.
erspan-source (Optional) Creates an erspan source session
all Specify all sessions for monitoring a switched port.
Command Description
show monitor Displays Ethernet SPAN information.
M Commands
move
246
OL-20462-01
move
To move a file from one directory to another, use the move command.
move [filesystem:[//module/][directory/] | directory/]source-filename
{{filesystem:[//module/][directory/] | directory/}[destination-filename] | target-filename}
Syntax Description
Defaults The default name for the destination file is the same as the source filename.
Command Modes any
Command History
Usage Guidelines You can make a copy of a file by using the copy command.
Tip You can rename a file by moving it within the same directory.
Examples This example shows how to move a file to another directory:
switch# move file1 my_files:file2
This example shows how to move a file to another file system:
switch# move file1 slot0:
This example shows how to move a file to another supervisor module:
switch# move file1 bootflash://sup-remote/file1.bak
filesystem: (Optional) Name of a file system. The name is case sensitive.
//module/ (Optional) Identifier for a supervisor module. Valid values are sup-active,
sup-local, sup-remote, or sup-standby. The identifiers are case sensitive.
directory/ (Optional) Name of a directory. The name is case sensitive.
source-filename Name of the file to move. The name is case sensitive.
destination-filename (Optional) Name of the destination file. The name is alphanumeric, case
sensitive, and has a maximum of 64 characters.
M Commands
move
247
OL-20462-01
copy Makes a copy of a file.
M Commands
mtu
248
OL-20462-01
mtu
To configure the maximum transmission unit (MTU) size for an interface, use the mtu command. To
remove the configured MTU size from the interface, use the no form of this command.
mtu size
no mtu size
Syntax Description
Defaults 1500 Bytes
Command History
Examples This example shows how to set the MTU size to 2000:
switch(config)# configure interface port-channel 2
switch(config-if)# mtu 2000
Related Commands
size Specifies the MTU size. The range is 1500 to 9000.
Command Description
show interface Displays information about the interface, which includes MTU size.
249
OL-20462-01
N Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter N.
name
To name a VLAN, use the name command. To remove a VLAN name, use the no form of this command.
name name
no name
Syntax Description
Defaults The VLAN has no name.
Command History
Examples This example shows how to name a VLAN:
switch(config-vlan)# name v10
(config-vlan)#
name VLAN name. The range of valid values is 1 to 32.
N Commands
name
250
OL-20462-01
N Commands
ntp enable
251
OL-20462-01
ntp enable
To enable NTP, use the ntp enable command. To disable, use the no command form.
ntp enable
no ntp enable
Defaults Enabled
Command History
Usage Guidelines
Examples This example shows how to enable NTP:
switch# ntp enable
This example shows how to disable NTP:
switch# no ntp enable
Related Commands
Command Description
ntp server Configures a remote NTP server.
N Commands
ntp peer
252
OL-20462-01
ntp peer
To do configure the Network Time Protocol peer, use the ntp peer command. To remove the peer, use
ntp peer host [prefer] [use-vrf vrf]
no ntp peer host [prefer] [use-vrf vrf]
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure an NTP peer:
switch(config)# ntp peer 192.0.2.2
Related Commands
host Hostname or IP address of the NTP peer.
prefer (Optional) Specifies this peer as the preferred peer.
use-vrf vrf (Optional) Specifies the virtual routing and forwarding (VRF) used to reach this peer.
Command Description
show ntp peer Displays information about the NTP peer.
N Commands
ntp server
253
OL-20462-01
ntp server
To do configure a Network Time Protocol server, use the ntp server command. To remove the server,
ntp server host [prefer] [use-vrf vrf]
no ntp server host [prefer] [use-vrf vrf]
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure an NTP server:
switch(config)# ntp server 192.0.2.2
Related Commands
host Hostname or IP address of the NTP server.
prefer (Optional) Specifies this server as the preferred server.
use-vrf vrf (Optional) Specifies the virtual routing and forwarding (VRF) used to reach this peer.
Command Description
show ntp peer Displays information about the NTP peer.
N Commands
ntp source
254
OL-20462-01
ntp source
To do configure the Network Time Protocol source, use the ntp source command. To remove the NTP
source, use the no form of this command.
ntp source addr
no ntp source addr
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure the NTP source:
switch(config)# ntp source 192.0.2.3
This example shows how to remove the NTP source:
switch(config)# no ntp source 192.0.2.3
Related Commands
addr IPv4 or IPv6 address of the source. The IPv4 address format is dotted decimal,
x.x.x.x. The IPv6 address format is hex A:B::C:D.
Command Description
show ntp source Displays information about the NTP source.
255
OL-20462-01
O Commands
This chapter describes theCisco Nexus 1000V commands that begin with the letter O.
option exporter-stats timeout
To specify a timeout period for resending NetFlow flow exporter data, use the option exporter-stats
timeout command. To remove the timeout period, use the no form of this command.
option exporter-stats timeout time
no option exporter-stats timeout
Syntax Description
Defaults None
Command Modes Netflow Flow Exporter Version 9 Configuration (config-flow-exporter-version-9)
Command History
Usage Guidelines
Examples This example shows how to configure a 3600-second timeout period for resending NetFlow flow
exporter data:
time A time period between 1 and 86400 seconds.
O Commands
option exporter-stats timeout
256
OL-20462-01
switch# config t
switch(config-flow-exporter)# version 9
switch(config-flow-exporter-version-9)# option exporter-stats timeout 3600
This example shows how to remove the timeout period for resending NetFlow flow exporter data:
switch# config t
switch(config-flow-exporter-version-9)# no option exporter-stats timeout
option interface-table
timeout
Specifies a timeout period for resending the NetFlow flow exporter
interface table.
template data timeout Specifies a timeout period for resending NetFlow flow exporter template
data.
O Commands
option interface-table timeout
257
OL-20462-01
To specify the timeout period for resending the NetFlow flow exporter interface table, use the option
interface-table timeout command. To remove the timeout period, use the no form of this command.
option interface-table timeout time
no option interface-table timeout
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure a 3600 second timeout period for resending the NetFlow flow
exporter interface table:
switch# config t
switch(config-flow-exporter-version-9)# option exporter-stats timeout 3600
This example shows how to remove the timeout period for resending the NetFlow flow exporter interface
table:
switch# config t
switch(config-flow-exporter-version-9)# no option exporter-stats timeout
O Commands
258
OL-20462-01
option exporter-stats
timeout
Specifies a timeout period for resending NetFlow flow exporter data.
template data timeout Specifies a timeout period for resending NetFlow flow exporter template
data.
259
OL-20462-01
P Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter P.
packet vlan
To identify a packet VLAN, use the packet vlan command. To remove the packet vlan, use the no form
of this command.
packet vlan {vlan-number}
no packet vlan {vlan-number}
Syntax Description
Defaults None
Command Modes SVS Domain (config-svs-domain)
Command History
Usage Guidelines
Examples This example shows how to create packet VLAN 261:
vlan-number Specifies the packet VLAN ID. The range of values is 1 to 3967 and 4048 to 4093.
P Commands
packet vlan
260
OL-20462-01
switch(config-svs-domain)# packet vlan 261
This example shows how to remove the packet VLAN 261:
switch(config-svs-domain)# no packet vlan 261
show running-config Displays information about the running configuration on the switch.
P Commands
permit (IPv4)
261
OL-20462-01
permit (IPv4)
To create an IPv4 access control list (ACL) rule that permits traffic matching its conditions, use the
permit command. To remove a rule, use the no form of this command.
General Syntax
[sequence-number] permit protocol source destination [dscp dscp | precedence precedence]
no permit protocol source destination [dscp dscp | precedence precedence]
no sequence-number
Internet Control Message Protocol
[sequence-number] permit icmp source destination [icmp-message] [dscp dscp | precedence
precedence]
Internet Group Management Protocol
[sequence-number] permit igmp source destination [igmp-message] [dscp dscp | precedence
precedence]
Internet Protocol v4
[sequence-number] permit ip source destination [dscp dscp | precedence precedence]
Transmission Control Protocol
[sequence-number] permit tcp source [operator port [port] | portgroup portgroup] destination
[operator port [port] | portgroup portgroup] [dscp dscp | precedence precedence]
User Datagram Protocol
[sequence-number] permit udp source [operator port [port] | portgroup portgroup] destination
[operator port [port] | portgroup portgroup] [dscp dscp | precedence precedence]
P Commands
permit (IPv4)
262
OL-20462-01
Syntax Description sequence-number (Optional) Sequence number of the permit command, which causes the device to
If you do not specify a sequence number, the device adds the rule to the end of the
ACL and assigns a sequence number that is 10 greater than the sequence number
of the preceding rule.
protocol Name or number of the protocol of packets that the rule matches. Valid numbers
are from 0 to 255. Valid protocol names are the following keywords:
icmpSpecifies that the rule applies to ICMP traffic only. When you use this
keyword, the icmp-message argument is available, in addition to the
keywords that are available for all valid values of the protocol argument.
igmpSpecifies that the rule applies to IGMP traffic only. When you use this
keyword, the igmp-type argument is available, in addition to the keywords
ipSpecifies that the rule applies to all IPv4 traffic. When you use this
keyword, only the other keywords and arguments that apply to all IPv4
protocols are available. They include the following:
dscp
precedence
tcpSpecifies that the rule applies to TCP traffic only. When you use this
keyword, the flags and operator arguments and the portgroup and
established keywords are available, in addition to the keywords that are
available for all valid values of the protocol argument.
udpSpecifies that the rule applies to UDP traffic only. When you use this
keyword, the operator argument and the portgroup keyword are available,
in addition to the keywords that are available for all valid values of the
protocol argument.
source Source IPv4 addresses that the rule matches. For details about the methods that
you can use to specify this argument, see Source and Destination in the Usage
Guidelines section.
destination Destination IPv4 addresses that the rule matches. For details about the methods
P Commands
permit (IPv4)
263
OL-20462-01
dscp dscp (Optional) Specifies that the rule matches only those packets with the specified
6-bit differentiated services value in the DSCP field of the IP header. The dscp
argument can be one of the following numbers or keywords:
063The decimal equivalent of the 6 bits of the DSCP field. For example,
if you specify 10, the rule matches only those packets that have the following
bits in the DSCP field: 001010.
af11Assured Forwarding (AF) class 1, low drop probability (001010)
cs1Class-selector (CS) 1, precedence 1 (001000)
defaultDefault DSCP value (000000)
ifExpedited Forwarding (101110)
P Commands
permit (IPv4)
264
OL-20462-01
precedence
precedence
(Optional) Specifies that the rule matches only packets that have an IP Precedence
field with the value specified by the precedence argument. The precedence
argument can be a number or a keyword, as follows:
07Decimal equivalent of the 3 bits of the IP Precedence field. For
example, if you specify 3, the rule matches only packets that have the
following bits in the DSCP field: 011.
criticalPrecedence 5 (101)
flashPrecedence 3 (011)
flash-overridePrecedence 4 (100)
immediatePrecedence 2 (010)
internetPrecedence 6 (110)
networkPrecedence 7 (111)
priorityPrecedence 1 (001)
routinePrecedence 0 (000)
icmp-message (ICMP only: Optional) ICMP message type that the rule matches. This argument
can be an integer from 0 to 255 or one of the keywords listed under ICMP
Message Types in the Usage Guidelines section.
igmp-message (IGMP only: Optional) IGMP message type that the rule matches. The
igmp-message argument can be the IGMP message number, which is an integer
from 0 to 15. It can also be one of the following keywords:
dvmrpDistance Vector Multicast Routing Protocol
host-queryHost query
host-reportHost report
pimProtocol Independent Multicast
traceMulticast trace
P Commands
permit (IPv4)
265
OL-20462-01
Defaults A newly created IPv4 ACL contains no rules.
If you do not specify a sequence number, the device assigns to the rule a sequence number that is 10
greater than the last rule in the ACL.
Command Modes IPv4 ACL configuration
Command History
operator port
[port]
(Optional; TCP and UDP only) Rule matches only packets that are from a source
port or sent to a destination port that satisfies the conditions of the operator and
port arguments. Whether these arguments apply to a source port or a destination
port depends upon whether you specify them after the source argument or after
the destination argument.
The port argument can be the name or the number of a TCP or UDP port. Valid
numbers are integers from 0 to 65535. For listings of valid port names, see TCP
Port Names and UDP Port Names in the Usage Guidelines section.
A second port argument is required only when the operator argument is a range.
The operator argument must be one of the following keywords:
eqMatches only if the port in the packet is equal to the port argument.
gtMatches only if the port in the packet is greater than and not equal to the
port argument.
ltMatches only if the port in the packet is less than and not equal to the port
argument.
neqMatches only if the port in the packet is not equal to the port argument.
rangeRequires two port arguments and matches only if the port in the
packet is equal to or greater than the first port argument and equal to or less
than the second port argument.
flags (TCP only; Optional) TCP control bit flags that the rule matches. The value of the
flags argument must be one or more of the following keywords:
ack
fin
psh
rst
syn
urg
P Commands
permit (IPv4)
266
OL-20462-01
Usage Guidelines When the device applies an IPv4 ACL to a packet, it evaluates the packet with every rule in the ACL.
You can specify the source and destination arguments in one of several ways. In each rule, the method
you use to specify one of these arguments does not affect how you specify the other. When you configure
a rule, use the following methods to specify the source and destination arguments:
Address and network wildcardYou can use an IPv4 address followed by a network wildcard to
specify a host or a network as a source or destination. The syntax is as follows:
IPv4-address network-wildcard
The following example shows how to specify the source argument with the IPv4 address and
network wildcard for the 192.168.67.0 subnet:
switch(config-acl)# permit tcp 192.168.67.0 0.0.0.255 any
Address and variable-length subnet maskYou can use an IPv4 address followed by a
variable-length subnet mask (VLSM) to specify a host or a network as a source or destination. The
syntax is as follows:
IPv4-address/prefix-len
The following example shows how to specify the source argument with the IPv4 address and VLSM
for the 192.168.67.0 subnet:
switch(config-acl)# permit udp 192.168.67.0/24 any
Host addressYou can use the host keyword and an IPv4 address to specify a host as a source or
destination. The syntax is as follows:
host IPv4-address
This syntax is equivalent to IPv4-address/32 and IPv4-address 0.0.0.0.
The following example shows how to specify the source argument with the host keyword and the
192.168.67.132 IPv4 address:
switch(config-acl)# permit icmp host 192.168.67.132 any
Any addressYou can use the any keyword to specify that a source or destination is any IPv4
address. For examples of the use of the any keyword, see the examples in this section. Each example
shows how to specify a source or destination by using the any keyword.
ICMP Message Types
The icmp-message argument can be the ICMP message number, which is an integer from 0 to 255. It can
also be one of the following keywords:
administratively-prohibitedAdministratively prohibited
alternate-addressAlternate address
conversion-errorDatagram conversion
dod-host-prohibitedHost prohibited
dod-net-prohibitedNet prohibited
echoEcho (ping)
echo-replyEcho reply
P Commands
permit (IPv4)
267
OL-20462-01
general-parameter-problemParameter problem
host-isolatedHost isolated
host-precedence-unreachableHost unreachable for precedence
host-redirectHost redirect
host-tos-redirectHost redirect for ToS
host-tos-unreachableHost unreachable for ToS
host-unknownHost unknown
host-unreachableHost unreachable
information-replyInformation replies
information-requestInformation requests
mask-replyMask replies
mask-requestMask requests
mobile-redirectMobile host redirect
net-redirectNetwork redirect
net-tos-redirectNet redirect for ToS
net-tos-unreachableNetwork unreachable for ToS
net-unreachableNet unreachable
network-unknownNetwork unknown
no-room-for-optionParameter required but no room
option-missingParameter required but not present
packet-too-bigFragmentation needed and DF set
parameter-problemAll parameter problems
port-unreachablePort unreachable
precedence-unreachablePrecedence cutoff
protocol-unreachableProtocol unreachable
reassembly-timeoutReassembly timeout
redirectAll redirects
router-advertisementRouter discovery advertisements
router-solicitationRouter discovery solicitations
source-quenchSource quenches
source-route-failedSource route failed
time-exceededAll time exceeded messages
timestamp-replyTimestamp replies
timestamp-requestTimestamp requests
tracerouteTraceroute
ttl-exceededTTL exceeded
unreachableAll unreachables
P Commands
permit (IPv4)
268
OL-20462-01
TCP Port Names
When you specify the protocol argument as tcp, the port argument can be a TCP port number, which is
an integer from 0 to 65535. It can also be one of the following keywords:
bgpBorder Gateway Protocol (179)
chargenCharacter generator (19)
cmdRemote commands (rcmd, 514)
daytimeDaytime (13)
discardDiscard (9)
domainDomain Name Service (53)
dripDynamic Routing Information Protocol (3949)
echoEcho (7)
execExec (rsh, 512)
fingerFinger (79)
ftpFile Transfer Protocol (21)
ftp-dataFTP data connections (2)
gopherGopher (7)
hostnameNIC hostname server (11)
identIdent Protocol (113)
ircInternet Relay Chat (194)
kloginKerberos login (543)
kshellKerberos shell (544)
loginLogin (rlogin, 513)
lpdPrinter service (515)
nntpNetwork News Transport Protocol (119)
smtpSimple Mail Transport Protocol (25)
talkTalk (517)
telnetTelnet (23)
timeTime (37)
uucpUNIX-to-UNIX Copy Program (54)
whoisWHOIS/NICNAME (43)
wwwWorld Wide Web (HTTP, 8)
P Commands
permit (IPv4)
269
OL-20462-01
UDP Port Names
When you specify the protocol argument as udp, the port argument can be a UDP port number, which
is an integer from 0 to 65535. It can also be one of the following keywords:
biffBiff (mail notification, comsat, 512)
bootpcBootstrap Protocol (BOOTP) client (68)
bootpsBootstrap Protocol (BOOTP) server (67)
discardDiscard (9)
dnsixDNSIX security protocol auditing (195)
domainDomain Name Service (DNS, 53)
echoEcho (7)
isakmpInternet Security Association and Key Management Protocol (5)
mobile-ipMobile IP registration (434)
nameserverIEN116 name service (obsolete, 42)
netbios-dgmNetBIOS datagram service (138)
netbios-nsNetBIOS name service (137)
netbios-ssNetBIOS session service (139)
non500-isakmpInternet Security Association and Key Management Protocol (45)
ntpNetwork Time Protocol (123)
ripRouting Information Protocol (router, in.routed, 52)
snmpSimple Network Management Protocol (161)
snmptrapSNMP Traps (162)
syslogSystem Logger (514)
talkTalk (517)
tftpTrivial File Transfer Protocol (69)
timeTime (37)
whoWho service (rwho, 513)
xdmcpX Display Manager Control Protocol (177)
Examples This example shows how to configure an IPv4 ACL named acl-lab-01 with rules permitting all TCP and
UDP traffic from the 10.23.0.0 and 192.168.37.0 networks to the 10.176.0.0 network:
switch# config t
switch(config)# ip access-list acl-lab-01
switch(config-acl)# permit tcp 10.23.0.0/16 10.176.0.0/16
switch(config-acl)# permit udp 10.23.0.0/16 10.176.0.0/16
switch(config-acl)# permit tcp 192.168.37.0/16 10.176.0.0/16
switch(config-acl)# permit udp 192.168.37.0/16 10.176.0.0/16
P Commands
permit (IPv4)
270
OL-20462-01
This example shows how to configure an IPv4 ACL named acl-eng-to-marketing with a rule that permits
all IP traffic from an IP-address object group named eng_workstations to an IP-address object group
named marketing_group:
switch# config t
switch(config)# ip access-list acl-eng-to-marketing
switch(config-acl)# permit ip addrgroup eng_workstations addrgroup marketing_group
deny (IPv4) Configures a deny rule in an IPv4 ACL.
ip access-list Configures an IPv4 ACL.
show ip access-list Displays all IPv4 ACLs or one IPv4 ACL.
P Commands
permit (MAC)
271
OL-20462-01
permit (MAC)
To create a MAC ACL rule that permits traffic matching its conditions, use the permit command. To
remove a rule, use the no form of this command.
[sequence-number] permit source destination [protocol] [cos cos-value] [vlan VLAN-ID]
no permit source destination [protocol] [cos cos-value] [vlan VLAN-ID]
no sequence-number
Syntax Description
Defaults None
Command Modes MAC ACL configuration
sequence-number (Optional) Sequence number of the permit command, which causes the device
to insert the command in that numbered position in the access list. Sequence
If you do not specify a sequence number, the device adds the rule to the end of
the ACL and assigns a sequence number that is 10 greater than the sequence
number of the preceding rule.
source Source MAC addresses that the rule matches. For details about the methods that
you can use to specify this argument, see Source and Destination in the
destination Destination MAC addresses that the rule matches. For details about the methods
protocol (Optional) Protocol number that the rule matches. Valid protocol numbers are
0x0 to 0xffff. For listings of valid protocol names, see MAC Protocols in the
cos cos-value (Optional) Specifies that the rule matches only packets with an IEEE 802.1Q
header that contains the Class of Service (CoS) value given in the cos-value
argument. The cos-value argument can be an integer from 0 to 7.
vlan VLAN-ID (Optional) Specifies that the rule matches only packets with an IEEE 802.1Q
header that contains the VLAN ID given. The VLAN-ID argument can be an
integer from 1 to 4094.
P Commands
permit (MAC)
272
OL-20462-01
Command History
Usage Guidelines A newly created MAC ACL contains no rules.
If you do not specify a sequence number, the device assigns a sequence number that is 10 greater than
the last rule in the ACL.
When the device applies a MAC ACL to a packet, it evaluates the packet with every rule in the ACL.
You can specify the source and destination arguments in one of two ways. In each rule, the method you
use to specify one of these arguments does not affect how you specify the other. When you configure a
rule, use the following methods to specify the source and destination arguments:
Address and maskYou can use a MAC address followed by a mask to specify a single address or
a group of addresses. The syntax is as follows:
MAC-address MAC-mask
The following example specifies the source argument with the MAC address 00c0.4f03.0a72:
switch(config-acl)# permit 00c0.4f03.0a72 0000.0000.0000 any
The following example specifies the destination argument with a MAC address for all hosts with a
MAC vendor code of 00603e:
switch(config-acl)# permit any 0060.3e00.0000 0000.0000.0000
Any addressYou can use the any keyword to specify that a source or destination is any MAC
address. For examples of the use of the any keyword, see the examples in this section. Each of the
examples shows how to specify a source or destination by using the any keyword.
MAC Protocols
The protocol argument can be the MAC protocol number or a keyword. The protocol number is a
four-byte hexadecimal number prefixed with 0x. Valid protocol numbers are from 0x0 to 0xffff. Valid
keywords are the following:
aarpAppletalk ARP (0x80f3)
appletalkAppletalk (0x809b)
decnet-ivDECnet Phase IV (0x6003)
diagnosticDEC Diagnostic Protocol (0x6005)
etype-6000Ethertype 0x6000 (0x6000)
etype-8042Ethertype 0x8042 (0x8042)
ipInternet Protocol v4 (0x0800)
latDEC LAT (0x6004)
lavc-scaDEC LAVC, SCA (0x6007)
mop-consoleDEC MOP Remote console (0x6002)
mop-dumpDEC MOP dump (0x6001)
P Commands
permit (MAC)
273
OL-20462-01
vines-echoVINES Echo (0x0baf)
Examples This example shows how to configure a MAC ACL named mac-ip-filter with a rule that permits all IPv4
traffic between two groups of MAC addresses:
switch# config t
switch(config)# mac access-list mac-ip-filter
switch(config-mac-acl)# permit 00c0.4f00.0000 0000.00ff.ffff 0060.3e00.0000 0000.00ff.ffff
ip
deny (MAC) Configures a deny rule in a MAC ACL.
mac access-list Configures a MAC ACL.
show mac access-list Displays all MAC ACLs or one MAC ACL.
P Commands
ping
274
OL-20462-01
ping
To determine the network connectivity to another device using IPv4 addressing, use the ping command.
ping [dest-ipv4-address | hostname | mulitcast multicast-group-address interface [ethernet
slot/port | loopback number | mgmt0 | port-channel channel-number | vethernet number]]
[count {number | unlimited}] [df-bit] [interval seconds] [packet-size bytes] [source
src-ipv4-address] [timeout seconds] [vrf vrf-name]
Syntax Description
Defaults For the default values, see the Syntax Description section for this command.
Command Modes Any
dest-ipv4-address IPv4 address of destination device. The format is A.B.C.D.
hostname Hostname of destination device. The hostname is case sensitive.
multicast Multicast ping.
multicast-group-address Multicast group address. The format is A.B.C.D.
interface Specifies the interface to send the multicast packet.
ethernet slot/port Specifies the slot and port number for the Ethernet interface.
loopback number Specifies a virtual interface number from 0 to 1023.
mgmt0 Specifies the management interface.
port-channel
channel-number
Specifies a port-channel interface in the range 1 to 4096.
vethernet number Specifies a virtual Ethernet interface in the range 1 to 1048575.
count (Optional) Specifies the number of transmissions to send.
number Number of pings. The range is from 1 to 655350. The default is 5.
unlimited Allows an unlimited number of pings.
df-bit (Optional) Enables the do-not-fragment bit in the IPv4 header. The default
is disabled.
interval seconds (Optional) Specifies the interval in seconds between transmissions. The
range is from 0 to 60. The default is 1 second.
packet-size bytes (Optional) Specifies the packet size in bytes to transmit. The range is from
1 to 65468. The default is 56 bytes.
source scr-ipv4-address (Optional) Specifies the source IPv4 address to use. The format is A.B.C.D.
The default is the IPv4 address for the management interface of the device.
timeout seconds (Optional) Specifies the nonresponse timeout interval in seconds. The range
is from 1 to 60. The default is 2 seconds.
vrf vrf-name (Optional) Specifies the virtual routing and forwarding (VRF) name. The
default is the default VRF.
P Commands
ping
275
OL-20462-01
Command History
Usage Guidelines To determine the network connectivity to another device using IPv6 addressing, use the ping6
command.
Examples This example shows how to determine connectivity to another device using IPv4 addressing:
switch# ping 172.28.231.246 vrf management
PING 172.28.231.246 (172.28.231.246): 56 data bytes
Request 0 timed out
64 bytes from 172.28.231.246: icmp_seq=1 ttl=63 time=0.799 ms
--- 172.28.231.246 ping statistics ---
5 packets transmitted, 4 packets received, 20.00% packet loss
round-trip min/avg/max = 0.597/0.694/0.799 ms
Related Commands
Command Description
ping6 Determines connectivity to another device using IPv6 addressing.
P Commands
pinning
276
OL-20462-01
pinning
To pin control or packet VLAN traffic to a specific sub group, use the pinning command. To remove
the configuration, use the no form of this command.
pinning {control-vlan | packet-vlan} sub-group_id
no pinning {control-vlan | packet-vlan} sub-group_id
Syntax Description
Defaults None
Command History
Examples This example shows how to pin traffic on the control VLAN to a sub group 0:
n1000v# config t
n1000v(config)# port-profile SystemProfile1
n1000v(config-port-prof)# pinning control-vlan 3
n1000v(config-port-prof)# show port-profile SystemProfile1
port-profile SystemProfile1
description:
type: ethernet
status: disabled
pinning control-vlan: 3
system vlans: 1
port-group: SystemProfile1
max ports: -
inherit:
config attributes:
switchport mode trunk
switchport trunk allowed vlan 1-5
no shutdown
switchport trunk allowed vlan 1-5
no shutdown
control-vlan Specifies to pin control VLAN traffic to a specific sub group.
packet-vlan Specifies to pin packet VLAN traffic to a specific sub group.
sub-group-id ID number of the sub group. Range is from 0 to 31.
P Commands
pinning
277
OL-20462-01
n1000v(config-port-prof)# copy running-config startup-config
This example shows how to pin traffic on the packet VLAN to sub group 0:
n1000v# config t
n1000v(config)# port-profile SystemProfile1
n1000v(config-port-prof)# pinning packet-vlan 0
n1000v(config-port-prof)# show port-profile name SystemProfile1
port-profile SystemProfile1
description:
type: ethernet
status: disabled
pinning packet-vlan: 0
system vlans: 1
port-group:
max ports: -
inherit:
config attributes:
switchport access vlan 1
switchport trunk native vlan 1
no shutdown
no shutdown
n1000v(config-port-prof)# copy running-config startup-config
show port-profile
[brief |
expand-interface |
usage] [name
profile-name]
Displays port profile information.
show running-config
port-profile
profile-name
Displays the running configuration of the specified port profile, including
the pinning configuration.
P Commands
pinning id
278
OL-20462-01
pinning id
To pin vEthernet traffic to a specific sub-group, use the pinning id command. To remove the
pinning id sub-group-id
no pinning id
Syntax Description
Defaults None
Command Modes Interface configuration mode (config-if)
Command History
Examples This example shows how to pin vEthernet interfaces to sub-group 3:
n1000v(config)# config t
n1000v(config)# interface vethernet 1
n1000v(config-if)# pinning id 0
n1000v(config-if)# show running-config interface vethernet 1
version 4.0(4)SV1(2)
interface Vethernet3
service-policy type qos input policy1
pinning id 0
n1000v(config-if)# exit
n1000v(config)# exit
n1000v# module vem 3 execute vemcmd show pinning
LTL IfIndex PC_LTL VSM_SGID VEM_SGID Eff_SGID
48 1b040000 304 0 0 0
n1000v(config-if)# copy running-config startup-config
sub-group-id ID number of the sub group. Range is from 0 to 31.
P Commands
pinning id
279
OL-20462-01
module vem
module_number execute
vemcmd show pinning
Displays the pinning configuration on the specified VEM.
show port-profile
[brief |
expand-interface |
usage] [name
profile-name]
Displays port profile information.
show running-config
interface vethernet
interface-number
Displays the running configuration of the specified vEthernet interface,
including the pinning configuration.
show running-config
port-profile
profile-name
Displays the running configuration of the specified port profile, including
the pinning configuration.
P Commands
police
280
OL-20462-01
police
To control traffic rates, use the police command. To remove control, use the no form of this command.
police {{[cir] {cir [bps|kbps|mbps|gbps] | percent cir-percent} [[bc] {committed-burst
[bytes|kbytes|mbytes|ms|us]}] [pir {pir- [bps2|kbps2|mbps2|gbps2] | percent pir-percent}
[[be] {extended-burst [bytes2|kbytes2|mbytes2|ms2|us2]}]] [conform {transmit |
set-prec-transmit {precedence-number} | set-dscp-transmit {dscp-value | dscp-number} |
set-cos-transmit cos-value | set-discard-class-transmit discard-class-value |
set-qos-transmit qos-group-value} [exceed {drop1 | set exc-from-field exc-to-field table
cir-markdown-map}] [violate {drop2 | set vio-from-field vio-to-field table2
pir-markdown-map}]]}}
no police {{[cir] {cir [bps|kbps|mbps|gbps] | percent cir-percent} [[bc] {committed-burst
[bytes|kbytes|mbytes|ms|us]}] [pir {pir [bps2|kbps2|mbps2|gbps2] | percent pir-percent}
[[be] {extended-burst [bytes2|kbytes2|mbytes2|ms2|us2]}]] [conform {transmit |
set-prec-transmit {precedence-number} | set-dscp-transmit {dscp-value | dscp-number} |
set-cos-transmit cos-value | set-discard-class-transmit discard-class-value |
set-qos-transmit qos-group-value} [exceed {drop1 | set exc-from-field exc-to-field table
cir-markdown-map}] [violate {drop2 | set vio-from-field vio-to-field table2
pir-markdown-map}]]}}
Syntax Description cir (Optional) Specifies CIR (Committed Information Rate).
cir Committed Information Rate in bps or kbps or mbps or gbps.
bps (Optional) Specifies bits per second.
kbps (Optional) Specifies kilobits per second.
mbps (Optional) Specifies megabits per second.
gbps (Optional) Specifies gigabits per second.
percent Specifies CIR (Committed Information Rate) percentage.
cir-percent CIR percentage.
bc (Optional) Specifies BC (Burst Commit).
committed-burst Packet burst.
bytes (Optional) Specifies burst size in bytes.
kbytes (Optional) Specifies burst size in kilobytes.
mbytes (Optional) Specifies burst size in megabytes.
ms (Optional) Specifies burst interval in milliseconds.
us (Optional) Specifies burst interval in microseconds.
pir (Optional) Specifies PIR (Peak Information Rate).
pir Peak Information Rate in bps or kbps or mbps or gbps.
bps2 (Optional) Specifies bits per second.
kbps2 (Optional) Specifies kilobits per second.
mbps2 (Optional) Specifies megabits per second.
gbps2 (Optional) Specifies gigabits per second.
be (Optional) Specifies extended burst.
extended-burst Extended packet burst.
P Commands
police
281
OL-20462-01
ms2 (Optional) Specifies burst interval in milliseconds.
us2 (Optional) Specifies burst interval in microseconds.
conform (Optional) Specifies a conform action.
transmit Specifies packet transmission.
set-prec-transmit Specifies a precedence and transmits it.
precedence-number Precedence number. The following are valid numbers:
0Routine precedence
1Priority precedence
i2Immediate precedence
3Flash precedence
4Flash override precedence
5Critical precedence
6Internetwork control precedence
7 Network control precedence
set-dscp-transmit Specifies a DSCP (Differentiated Services Code Point) and transmits it.
dscp-number DSCP number or code. The range of valid values is 1 to 63. You can also set DSCP
to one of the following codes:
af11AF11 dscp (001010)
af12AF12 dscp (001100)
af13AF13 dscp (001110)
af21AF21 dscp (010010)
af22AF22 dscp (010100)
af23AF23 dscp (010110)
af31AF31 dscp (011010)
af32AF32 dscp (011100)
af33AF33 dscp (011110)
af41AF41 dscp (100010)
af42AF42 dscp (100100)
af43AF43 dscp (100110)
cs1CS1(precedence 1) dscp (001000)
defaultdefault dscp (000000)
efEF dscp (101110)
P Commands
police
282
OL-20462-01
Defaults None
Command Modes Policy map configuration (config-pmap-c-qos)
Command History
Examples This example shows how to control traffic rates:
switch(config)# policy-map pm10
switch(config-pmap-c-qos)# police 100000 bps 10000 bytes
set-cos-transmit Specifies a CoS number and transmits it.
cos-value CoS group number. The range of valid values is 0 to 7.
set-discard-class-
transmit
Specifies a discard class number and transmits it.
discard-class-value The discard class number. The range of valid values is 0 to 63.
set-qos-transmit Specifies a QoS group number and transmits it.
qos-group-value QoS group number. The range of valid values is 0 to 126.
exceed (Optional) Specifies an exceed action.
drop1 Specifies that packets are to be dropped.
set Specifies a particular value in a table or markdown map.
exc-from-field .
exc-to-field .
table .
cir-markdown-ma
p
.
violate (Optional) Specifies a violate action.
drop2 .Specifies that packets are to be dropped.
vio-from-field .
vio-to-field .
table2 .
pir-markdown-
map
.
P Commands
police
283
OL-20462-01
show qos Displays QoS information.
P Commands
policy-map
284
OL-20462-01
policy-map
To create and configure policy maps, use the policy-map command. To remove policy maps, use the no
policy-map {name | type qos name}
no policy-map {name | type qos name}
Syntax Description
Defaults The policy map does not exist.
Command History
Usage Guidelines When you create or configure a policy map, you automatically enter configure policy map mode.
Examples This example shows how to create policy maps:
switch(config-pmap-qos)#
This example shows how to remove policy maps:
switch(config)# no policy-map pm20
switch(config)#
Related Commands
name Policy map name. The range of valid values is 1 to 40.
type qos Specifies the policy map type as QoS.
Command Description
show policy-map Displays policy map information.
P Commands
port-channel load-balance ethernet
285
OL-20462-01
To set the load-balancing method among the interfaces in the channel-group bundle, use the
port-channel load-balance ethernet command. To return the system priority to the default value, use
port-channel load-balance ethernet method [module slot]
no port-channel load-balance ethernet [method [module slot]]
Syntax Description
Defaults Layer 2 packetssource-mac
Layer 3 packetssource-mac
Command History
Usage Guidelines When you do not specify a module, you are configuring load balancing for the entire device. When you
use the module parameter, you are configuring load balancing for the specified modules
Valid method values are as follows:
dest-ip-portLoads distribution on the destination IP address and L4 port.
dest-ip-port-vlanLoads distribution on the destination IP address, L4 port, and VLAN.
destination-ip-vlanLoads distribution on the destination IP address and VLAN
destination-macLoads distribution on the destination MAC address.
destination-portLoads distribution on the destination L4 port.
source-dest-ip-portLoads distribution on the source and destination IP address and L4 port.
source-dest-ip-port-vlanLoads distribution on the source and destination IP address, L4 port,
and VLAN.
source-dest-ip-vlanLoads distribution on the source and destination IP address and VLAN.
source-dest-macLoads distribution on the source and destination MAC address.
source-dest-portLoads distribution on the source and destination L4 port.
method Load-balancing method. See the Usage Guidelines section for a list of
valid values.
module (Optional) Specifies a module number. The range is 1 to 66.
P Commands
286
OL-20462-01
source-ip-portLoads distribution on the source IP address.
source-ip-port-vlanLoads distribution on the source IP address, L4, and VLAN
source-ip-vlanLoads distribution on the source IP address and VLAN.
source-macLoads distribution on the source MAC address.
source-portLoads distribution on the source port.
source-virtual-port-idLoads distribution on the source virtual port ID.
vlan-onlyLoads distribution on the VLAN only.
Use the module argument to configure the module independently for port-channeling and
load-balancing mode. When you do this, the remaining module use the current load-balancing method
configured for the entire device, or the default method if you have not configured a method for the entire
device. When you enter the no argument in conjunction with a module argument, the load-balancing
method for the specified module takes the current load-balancing method that is in use for the entire
device. If you configured a load-balancing method for the entire device, the specified module uses that
configured method, rather than the default source-mac. The per module configuration takes precedence
over the load-balancing method configured for the entire device.
Use the option that provides the balance criteria with the greatest variety in your configuration. For
example, if the traffic on a port channel is going only to a single MAC address and you use the
destination MAC address as the basis of port channel load balancing, the port channel always chooses
the same link in that port channel; using source addresses or IP addresses might result in better load
balancing.
Examples This example shows how to set the load-balancing method for the entire device to use the source port:
switch(config)# port-channel load-balance ethernet src-port
switch(config)#
show port-channel
load-balance
Displays information on port-channel load balancing.
P Commands
port-profile
287
OL-20462-01
port-profile
To create a port profile and enter port-profile configuration mode, use the port-profile command. To
remove the port profile configuration, use the no form of this command.
port-profile name
no port-profile name
Syntax Description
Defaults None
Command History
Usage Guidelines The port profile name must be unique for each port profile on the Nexus 1000V.
Examples This example shows how to create a port profile with the name AccessProf:
switch(config)# port-profile AccessProf
switch(config-port-prof)
This example shows how to remove the port profile with the name AccessProf:
switch(config)# no port-profile AccessProf
switch(config)
Related Commands
name Specifies the port profile name. The name can be up to 80 characters in length.
Command Description
show port-profile
name
Displays information about the port profiles.
P Commands
protocol vmware-vim
288
OL-20462-01
protocol vmware-vim
To enable the VMware VI SDK, use the protocol vmware-vim command. To disable the VMware
VI SDK, use the no form of this command.
protocol vmware-vim
no protocol vmware-vim
Defaults The VMware VI SDK is disabled.
Command History
Usage Guidelines The VMware VI SDK is published by VMware and it allows clients to talk to VMware vCenter.
You must first create an SVS connection before you you enable the VMware VI SDK.
Examples This example shows how to enable the VMware VI SDK.:
switch(config)# svs connection svs1
switch(config-svs-conn)# protocol vmware-vim
Related Commands
Command Description
show svs connection Displays SVS connection information.
P Commands
pwd
289
OL-20462-01
pwd
To view the current directory, use the pwd command.
pwd
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to view the current directory:
switch# pwd
bootflash:
switch#
P Commands
pwd
290
OL-20462-01
291
OL-20462-01
Q Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter Q.
qos statistics
To enable the recording of QoS statistics, use the qos statistics command. To disable the recording of
QoS statistics,, use the no form of this command.
qos statistics
no qos statistics
Defaults QoS statistics are not recorded.
Command History
Examples This example shows how to enable the recording of QoS statistics:
switch(config)# qos statistics
switch(config)#
Q Commands
qos statistics
292
OL-20462-01
show qos Displays QoS informaton.
293
OL-20462-01
R Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter R.
radius-server deadtime
To configure the dead-time interval for all RADIUS servers used by a device, use the radius-server
deadtime command. To revert to the default, use the no form of this command.
radius-server deadtime minutes
no radius-server deadtime minutes
Syntax Description
Defaults 0 minutes
Command History
Usage Guidelines The dead-time interval is the number of minutes before the device checks a RADIUS server that was
previously unresponsive.
minutes Number of minutes for the dead-time interval. The range is from 1 to 1440
minutes.
R Commands
radius-server deadtime
294
OL-20462-01
Note The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, periodic RADIUS
server monitoring is not performed.
Examples This example shows how to configure the global dead-time interval for all RADIUS servers to perform
periodic monitoring:
switch# config t
switch(config)# radius-server deadtime 5
This example shows how to revert to the default for the global dead-time interval for all RADIUS servers
and disable periodic server monitoring:
switch# config t
switch(config)# no radius-server deadtime 5
show radius-server Displays RADIUS server information.
R Commands
radius-server directed-request
295
OL-20462-01
To allow users to send authentication requests to a specific RADIUS server when logging in, use the
radius-server directed request command. To revert to the default, use the no form of this command.
no radius-server directed-request
Defaults Disabled
Command History
Usage Guidelines You can specify the username@vrfname:hostname during login, where vrfname is the virutal routing and
forwarding (VRF) instance to use and hostname is the name of a configured RADIUS server. The
username is sent to the RADIUS server for authentication.
Examples This example shows how to allow users to send authentication requests to a specific RADIUS serve when
logging in:
switch# config t
switch(config)# radius-server directed-request
This example shows how to disallow users to send authentication requests to a specific RADIUS server
when logging in:
switch# config t
switch(config)# no radius-server directed-request
Related Commands
Command Description
show radius-server
directed-request
Displays the directed request RADIUS server configuration.
R Commands
radius-server host
296
OL-20462-01
radius-server host
To configure RADIUS server parameters, use the radius-server host command. To revert to the default,
radius-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret [pac]] [accounting]
[acct-port port-number] [auth-port port-number] [authentication] [retransmit count]
[test {idle-time time | password password | username name}]
[timeout seconds [retransmit count]]
no radius-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret [pac]] [accounting]
[acct-port port-number] [auth-port port-number] [authentication] [retransmit count]
[timeout seconds [retransmit count]]
Syntax Description hostname RADIUS server Domain Name Server (DNS) name. The name is
alphanumeric, case sensitive, and has a maximum of 256 characters.
ipv4-address RADIUS server IPv4 address in the A.B.C.D format.
ipv6-address RADIUS server IPv6 address in the X:X:X::X format.
key (Optional) Configures the RADIUS server preshared secret key.
0 (Optional) Configures a preshared key specified in clear text to authenticate
communication between the RADIUS client and server. This is the default.
7 (Optional) Configures a preshared key specified in encrypted text (indicated
by 7) to authenticate communication between the RADIUS client and server.
shared-secret Preshared key to authenticate communication between the RADIUS client
and server. The preshared key can include any printable ASCII characters
(white spaces are not allowed), is case sensitive, and has a maximum of 63
characters.
pac (Optional) Enables the generation of Protected Access Credentials (PAC) on
the RADIUS Cisco Access Control Server (ACS) for use with Cisco
TrustSec.
accounting (Optional) Configures accounting.
acct-port port-number (Optional) Configures the RADIUS server port for accounting. The range is
from 0 to 65535.
auth-port port-number (Optional) Configures the RADIUS server port for authentication. The range
is from 0 to 65535.
authentication (Optional) Configures authentication.
retransmit count (Optional) Configures the number of times that the device tries to connect to
a RADIUS server(s) before reverting to local authentication. The range is
from 1 to 5 times and the default is 1 time.
test (Optional) Configures parameters to send test packets to the RADIUS server.
idle-time time Specifies the time interval (in minutes) for monitoring the server. The range
is from 1 to 1440 minutes.
password password Specifies a user password in the test packets. The password is alphanumeric,
case sensitive, and has a maximum of 32 characters.
R Commands
radius-server host
297
OL-20462-01
Defaults
Command History
Usage Guidelines When the idle time interval is 0 minutes, periodic RADIUS server monitoring is not performed.
Examples This example shows how to configure RADIUS server authentication and accounting parameters:
switch(config)# radius-server host 10.10.2.3 key HostKey
switch(config)# radius-server host 10.10.2.3 auth-port 2003
switch(config)# radius-server host 10.10.2.3 acct-port 2004
switch(config)# radius-server host 10.10.2.3 accounting
switch(config)# radius-server host radius2 key 0 abcd
switch(config)# radius-server host radius3 key 7 1234
switch(config)# radius-server host 10.10.2.3 test idle-time 10
switch(config)# radius-server host 10.10.2.3 test username tester
switch(config)# radius-server host 10.10.2.3 test password 2B9ka5
username name Specifies a username in the test packets. The is alphanumeric, not case
timeout seconds Specifies the timeout (in seconds) between retransmissions to the RADIUS
server. The default is 5 seconds and the range is from 1 to 60 seconds.
Parameter Default
Accounting port 1813
Authentication port 1812
Accounting enabled
Authentication enabled
Retransmission count 1
Idle-time none
Server monitoring disabled
Timeout 5 seconds
Test username test
Test password test
R Commands
radius-server host
298
OL-20462-01
R Commands
radius-server key
299
OL-20462-01
radius-server key
To configure a RADIUS shared secret key, use the radius-server key command. To remove a configured
shared secret, use the no form of this command.
radius-server key [0 | 7] shared-secret
no radius-server key [0 | 7] shared-secret
Syntax Description
Defaults Clear text
Command History
Usage Guidelines You must configure the RADIUS preshared key to authenticate the switch on the RADIUS server. The
length of the key is restricted to 63 characters and can include any printable ASCII characters (white
spaces are not allowed). You can configure a global key to be used for all RADIUS server configurations
on the switch. You can override this global key assignment for an individual host by using the key
keyword in the radius-server host command.
Examples This example shows how to provide various scenarios to configure RADIUS authentication:
switch(config)# radius-server key AnyWord
switch(config)# radius-server key 0 AnyWord
switch(config)# radius-server key 7 public pac
communication between the RADIUS client and server.
7 (Optional) Configures a preshared key specified in encrypted text to
authenticate communication between the RADIUS client and server.
shared-secret Preshared key used to authenticate communication between the RADIUS
client and server. The preshared key can include any printable ASCII
characters (white spaces are not allowed), is case sensitive, and has a
R Commands
radius-server key
300
OL-20462-01
R Commands
radius-server retransmit
301
OL-20462-01
radius-server retransmit
To specify the number of times that the device should try a request with a RADIUS server, use the
radius-server retransmit command. To revert to the default, use the no form of this command.
radius-server retransmit count
no radius-server retransmit count
Syntax Description
Defaults 1 retransmission
Command History
Usage Guidelines
Examples This example shows how to configure the number of retransmissions to RADIUS servers:
switch# config t
switch(config)# radius-server retransmit 3
This example shows how to revert to the default number of retransmissions to RADIUS servers:
switch# config t
switch(config)# no radius-server retransmit 3
Related Commands
count Number of times that the device tries to connect to a RADIUS server(s)
before reverting to local authentication. The range is from 1 to 5 times.
Command Description
R Commands
radius-server timeout
302
OL-20462-01
radius-server timeout
To specify the time between retransmissions to the RADIUS servers, use the radius-server timeout
radius-server timeout seconds
no radius-server timeout seconds
Syntax Description
Defaults 5 seconds
Command History
Usage Guidelines
Examples This example shows how to configure the timeout interval:
switch# config t
switch(config)# radius-server timeout 30
This example shows how to revert to the default interval:
switch# config t
switch(config)# no radius-server timeout 30
Related Commands
seconds Number of seconds between retransmissions to the RADIUS server. The
range is from 1 to 60 seconds.
Command Description
R Commands
rate-mode dedicated
303
OL-20462-01
rate-mode dedicated
To set the dedicated rate mode for the specified ports, use the rate-mode dedicated command.
rate-mode dedicated
no rate-mode
Command Default Shared rate mode is the default.
Command History
Usage Guidelines Use the rate-mode dedicated command to set the dedicated rate mode for the specified ports.
On a 32-port 10-Gigabit Ethernet module, each set of four ports can handle 10 gigabits per second (Gb/s)
of bandwidth. You can use the rate-mode parameter to dedicate that bandwidth to the first port in the set
of four ports or share the bandwidth across all four ports.
Note When you dedicate the bandwidth to one port, you must first administratively shut down the ports in the
group, change the rate mode to dedicated, and then bring the dedicated port administratively up.
Table 1-1 identifies the ports that are grouped together to share each 10 Gb/s of bandwidth and which
port in the group can be dedicated to utilize the entire bandwidth.
Table 1-1 Dedicated and Shared Ports
Ports Groups that
Can Share
Bandwidth
Ports that Can be
Dedicated to Each
10-Gigabit Ethernet
of Bandwidth
1, 3, 5, 7 1
2, 4, 6, 8 2
9, 11, 13, 15 9
10, 12, 14, 16 10
R Commands
rate-mode dedicated
304
OL-20462-01
When you enter the rate-mode dedicated command, the full bandwidth of 10 Gb is dedicated to one
port. When you dedicate the bandwidth, all subsequent commands for the port are for dedicated mode.
Examples This example shows how to configure the dedicated rate mode for Ethernet ports 4/17, 4/19, 4/21, and
4/23:
switch# config t
switch(config)# interface ethernet 4/17, ethernet 4/19, ethernet 4/21, ethernet 4/23
switch(config-if)# shutdown
switch(config-if)# interface ethernet 4/17
switch(config-if)# rate-mode dedicated
switch(config-if)# no shutdown
switch(config-if)#
Related Commands
17, 19, 21, 23 17
18, 20, 22, 24 18
25, 27, 29, 31 25
26, 28, 30, 32 26
Table 1-1 Dedicated and Shared Ports
Ports Groups that
Can Share
Bandwidth
Ports that Can be
Dedicated to Each
10-Gigabit Ethernet
of Bandwidth
Command Description
show interface Displays interface information, which includes the current rate mode
dedicated.
R Commands
record
305
OL-20462-01
record
To configure a flow record, use the record command. To remove the flow record configuration, use the
no form of the command.
record {name | netflow ipv4 {original-input | original-output | protocol-port} |
netflow-original}
no record {name | netflow ipv4 {original-input | original-output | protocol-port} |
netflow-original}
Syntax Description
Defaults None
Command Modes Flow monitor (config-flow-monitor)
Command History
Usage Guidelines A flow record defines the information that NetFlow gathers, such as packets in the flow and the types of
counters gathered per flow. You can define new flow records or use the pre-defined flow record.
Examples This example shows how to configure a flow record to use a the predefined traditional IPv4 input
NetFlow record:
switch# config t
switch(config)# flow monitor testmon
switch(config-flow-monitor)# record netflow ipv4 original-input
name Specifies the name of a new flow record.
netflow ipv4 Specifies a predefined flow record that uses traditional IPv4 NetFlow
collection schemes.
original-input Specifies a predefined flow record that uses traditional IPv4 input NetFlow.
original-output Specifies a predefined flow record that uses traditional IPv4 output
NetFlow.
protocol-port Specifies the flow record that uses the protocol and ports aggregation
scheme for the record.
netflow-original Specifies a flow record that uses traditional IPv4 input NetFlow with origin
ASs.
R Commands
record
306
OL-20462-01
This example shows how to remove the predefined traditional IPv4 input NetFlow flow record
configuration:
switch# config t
switch(config)# flow monitor testmon
switch(config-flow-monitor)# no record netflow ipv4 original-input
show flow monitor Displays NetFlow monitor configuration information.
show flow record Displays NetFlow record configuration information.
R Commands
reload module
307
OL-20462-01
reload module
To reload a module in the device, use the reload module command.
reload module slot [force-dnld]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines Use the show hardware command to display information about the hardware on your device.
Examples This example shows how to reload a module:
switch# reload module 2
Related Commands
slot Chassis slot number.
force-dnld (Optional) Forces the download of software to the module.
Command Description
show version Displays information about the software version.
R Commands
remote
308
OL-20462-01
remote
To connect to remote machines, use the remote command. To disconnect, use the no form of this
command.
remote {ip address address | hostname name}
no remote {ip address address | hostname name}
Syntax Description
Defaults None
Command History
Examples This example shows how to connect to a remote machine:
switch(config)# svs connection svsconn1
switch(config-svs-conn)# remote hostname server1
Related Commands
ipaddress Specifies an IP address.
address IPv4 address. The format is A.B.C.D.
hostname Specifies the remote host name.
name Host name. The range of valid values is 1 to 128.
Command Description
R Commands
resequence
309
OL-20462-01
resequence
To resequence a list with sequence numbers, use the resequence command.
resequence {{{ip | mac} access-list} | time-range} name number increment
Syntax Description
Defaults None
Command History
Examples This example shows how to resequence the first entry in the MAC ACL named aclOne
switch(config)# resequence mac access-list aclOne 1 2
switch(config)#
Related Commands
ip Indicates resequencing of an IP access-list.
mac Indicates resequencing of a MAC access-list.
access-list Indicates resequencing of an access list.
time-range Indicates resequencing of a time-range.
name (Optional) List name.
number (Optional) Starting sequence number.
increment (Optional) Step to increment the sequence number.
Command Description
show access-list Displays ACLs.
R Commands
rmdir
310
OL-20462-01
rmdir
To remove a directory, use the rmdir command.
rmdir [filesystem:[//module/]]directory
Syntax Description
Defaults Removes the directory from the current working directory.
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to remove the my_files directory:
switch# rmdir my_files
Related Commands
directory Name of a directory. The name is case sensitive.
Command Description
R Commands
role name
311
OL-20462-01
role name
To create a user role, use the role name command. To remove the role, use the no form of this command.
role name role-name
no role name role-name
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to create a role named UserA:
switch # config t
switch(config)# role name UserA
This example shows how to remove the UserA role:
switch(config)# no role UserA
Related Commands
role-name Creates a user role of this name.
Command Description
show role Displays the available user roles and their rules.
interface policy Denies users assigned to this role access to all interfaces unless specifically
permitted.
permit interface Specifies the interface(s) that users assigned to this role can access.
vlan policy Denies users assigned to this role access to all VLANs unless specifically
permitted.
permit vlan Specifies the VLAN(s) that users assigned to this role can access.
R Commands
run-script
312
OL-20462-01
run-script
To run a command script that is saved in a file, use the run-script command.
run-script {bootflash: | volatile:} filename
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to run a command script that is saved in the Sample file on the Volatile file
system.
switch(config)# run-script volatile:Sample
switch(config)#
Related Commands
bootflash: Indicates that the file containing the command script is located in the Bootflash file
system.
volatile: Indicates that the file containing the command script is located in the Volatile file
system.
filename The name of the file containing the command script. The name is case sensitive.
Command Description
copy Copies files.
dir Displays the contents of the working directory.
pwd Displays the name of the present working directory (pwd).
313
OL-20462-01
S Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter S.
send
To send a message to an open session, use the send command.
send {message | session device message}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to send a message to an open session:
switch# send session sessionOne testing
switch#
message Message.
session Specifies a specific session.
device Device type.
S Commands
send
314
OL-20462-01
show banner Displays a banner.
S Commands
service-port
315
OL-20462-01
service-port
To configure an inside or outside interface in a virtual service domain (VSD) port profile, use the
service-port command. To remove the configuration, use the no form of this command.
service-port {inside | outside} [default-action {drop | forward}]
no service-port
Syntax Description
Defaults forward default-action
Command History
Usage Guidelines If a port profile without a service port is configured on an SVM, it will flood the network with packets.
When configuring a port profile on an SVM, first bring the SVM down, This prevents a port-profile that
is mistakenly configured without a service port from flooding the network with packets. The SVM can
be returned to service after the configuration is complete and verified.
Examples This example shows how to configure an inside interface on a VSD port profile that drops packets if the
service port is down:
switch# config t
switch(config)# port-profile svm_vsd1_in
switch(config-port-prof)# service-port inside default-action drop
This example shows how to remove a service port configuration:
switch# config t
switch(config)# port-profile svm_vsd1_in
switch(config-port-prof)# no service-port
inside Inside Network
outside Outside Network
default-action (Optional) Action to be taken if service port is down.
drop: drops packets
forward: forwards packets (the default)
S Commands
service-port
316
OL-20462-01
show virtual-service-domain Displays a list of the VSDs currently configured in the VSM,
including VSD names and port profiles.
S Commands
session-limit
317
OL-20462-01
session-limit
To limit the number of VSH sessions, use the session-limit command. To remove the limit, use the no
session-limit number
no session-limit number
Syntax Description
Defaults No limit is set.
Command Modes Line configuration (config-line)
Command History
Examples This example shows how to limit the number of VSH sessions:
switch(config-line)# session-limit 10
This example shows how to remove the limit:
switch(config-line)# no session-limit 10
number Number of VSH sessions. The range of valid values is 1 to 64
S Commands
set
318
OL-20462-01
set
To set QoS class attributes, use the set command. To remove class attributes, use the no form of this
command.
set {{cos cos-val} | {dscp [tunnel] {dscp-val | dscp-enum}} | {precedence [tunnel] {prec-val |
prec-enum}} | {discard-class dis-class-val} | {qos-group qos-grp-val} | {{{cos cos} | {dscp
dscp} | {precedence precedence} | {discard-class discard-class}} table table-map-name} |
{cos1 {{dscp table cos-dscp-map} | {precedence table cos-precedence-map} |
{discard-class table cos-discard-class-map}}} | {dscp1 {{cos table dscp-cos-map} | {prec3
table dscp-precedence-map} | {dis-class3 table dscp-discard-class-map}}} | {prec1 {{cos3
table precedence-cos-map} | {dscp3 table precedence-dscp-map} | {dis-class3 table
precedence-discard-class-map}}} | {dis-class1 {{cos3 table discard-class-cos-map} |
{dscp3 table discard-class-dscp-map} | {prec3 table discard-class-precedence-map}}}}
no set {{cos cos-val} | {dscp [tunnel] {dscp-val | dscp-enum}} | {precedence [tunnel] {prec-val |
prec-enum}} | {discard-class dis-class-val} | {qos-group qos-grp-val} | {{{cos cos} | {dscp
dscp} | {precedence precedence} | {discard-class discard-class}} table table-map-name} |
{cos1 {{dscp table cos-dscp-map} | {precedence table cos-precedence-map} |
{discard-class table cos-discard-class-map}}} | {dscp1 {{cos table dscp-cos-map} | {prec3
table dscp-precedence-map} | {dis-class3 table dscp-discard-class-map}}} | {prec1 {{cos3
table precedence-cos-map} | {dscp3 table precedence-dscp-map} | {dis-class3 table
precedence-discard-class-map}}} | {dis-class1 {{cos3 table discard-class-cos-map} |
{dscp3 table discard-class-dscp-map} | {prec3 table discard-class-precedence-map}}}}
Syntax Description cos Specifies IEEE 802.1Q CoS (Class of Service).
cos-value CoS value. The range of valid values is 0 to 7.
dscp Specifies DSCP (Differentiated Services Code Point) in IPv4 and IPv6 packets.
tunnel (Optional) Specifies DSCP in tunnel encapsulation.
dscp-value DSCP value.
dscp-enum
precedence Precedence in IP(v4) and IPv6 packets.
prec-val IP Precedence value.
prec-enum .
discard-class
dis-class-val
Discard class + Discard class value.
qos-group
qos-grp-val
Qos-group + Qos-group value.
table
table-map-nam
e
Table defining mapping from input to output + Table-map name.
cos1 IEEE 802.1Q class of service.
cos-dscp-map Cos to DSCP Mutation map.
cos-precedenc
e-map
Cos to Precedence Mutation map.
cos-discard-cl
ass-map
Cos to Discard Class Mutation map.
S Commands
set
319
OL-20462-01
Defaults None
Command Modes Policy Map Class Configuration (config-pmap-c-qos)
Command History
Examples This example shows how to set class attributes:
switch(config-pmap-c-qos)# set qos-group 1
dscp1 DSCP in IP(v4) and IPv6 packets.
dscp-cos-map DSCP to COS Mutation map.
prec3 Precedence in IP(v4) and IPv6 packets.
dscp-preceden
ce-map
DSCP to Precedence Mutation map.
dis-class3 Discard class.
dscp-discard-c
lass-map
DSCP to Discard Class Mutation map.
prec1 Precedence in IP(v4) and IPv6 packets.
cos3 IEEE 802.1Q class of service.
precedence-co
s-map
Precedence to COS Mutation map.
dscp3 DSCP in IP(v4) and IPv6 packets.
precedence-ds
cp-map
Precedence to DSCP Mutation map.
precedence-dis
card-class-ma
p
Precedence to Discard Class Mutation map.
dis-class1 Discard class.
discard-class-c
os-map
Discard Class to COS Mutation map.
discard-class-
dscp-map
Discard Class to DSCP Mutation map.
discard-class-
precedence-m
ap
Discard Class to Precedence Mutation map.
S Commands
set
320
OL-20462-01
This example shows how to remove class attributes:
switch(config-pmap-c-qos)# no set qos-group 1
show policy-map Displays policy maps.
S Commands
service-policy
321
OL-20462-01
service-policy
To configure a service policy for an interface, use the service-policy command. To remove the service
policy configuration, use the no form of this command.
service-policy {input name [no-stats] | output name [no-stats] | type qos {input name [no-stats]
| output name [no-stats]}}
no service-policy {input name [no-stats] | output name [no-stats] | type qos {input name
[no-stats] | output name [no-stats]}}
Syntax Description
Defaults No service policy exists.
Command History
Examples This example shows how to configure a service policy for an interface:
switch(config-if)# service-policy type qos input sp10 no-stats
switch(config-if)#
This example shows how to remove a service policy configuration for an interface:
switch(config-if)# no service-policy type qos input sp10 no-stats
switch(config-if)#
Related Commands
input Specifies an input service policy.
name Policy name. The range of valid values is 1 to 40.
no-stats (Optional) Specifies no statistics.
output Specifies an output service policy.
type qos Specifies a QoS service policy.
Command Description
show running
interface
Displays interface configuration information.
S Commands
setup
322
OL-20462-01
setup
To use the Basic System Configuration Dialog for creating or modifying a configuration file, use the
setup command.
setup
Syntax Description This command has no arguments or keywords, but the Basic System Configuration Dialog prompts you
for complete setup information (see the example below).
Defaults None
Command Modes Any
Command History
Usage Guidelines The Basic System Configuration Dialog assumes the factory defaults. Keep this in mind when using it
to modify an existing configuration.
All changes made to your configuration are summarized for you at the completion of the setup sequence
with an option to save the changes or not.
You can exit the setup sequence at any point by pressing Ctrl-C.
Examples This example shows how to use the setup command to create or modify a basic system configuration:
n1000v# setup
Enter the domain id<1-4095>: 400
Enter HA role[standalone/primary/secondary]: standalone
[########################################] 100%
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
*Note: setup is mainly used for configuring the system initially,
S Commands
setup
323
OL-20462-01
when no configuration is present. So setup always assumes system
defaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): y
Create another login account (yes/no) [n]: n
Configure read-only SNMP community string (yes/no) [n]: n
Configure read-write SNMP community string (yes/no) [n]: n
Enter the switch name : n1000v
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]:
Mgmt0 IPv4 address :
Configure the default gateway? (yes/no) [y]: n
Configure advanced IP options? (yes/no) [n]:
Enable the telnet service? (yes/no) [y]:
Enable the ssh service? (yes/no) [n]:
Configure the ntp server? (yes/no) [n]:
Configure vem feature level? (yes/no) [n]:
Configure svs domain parameters? (yes/no) [y]:
Enter SVS Control mode (L2 / L3) : l2
Invalid SVS Control Mode
Enter SVS Control mode (L2 / L3) : L2
Enter control vlan <1-3967, 4048-4093> : 400
Enter packet vlan <1-3967, 4048-4093> : 405
The following configuration will be applied:
switchname n1000v
telnet server enable
no ssh server enable
svs-domain
svs mode L2
control vlan 400
packet vlan 405
domain id 400
vlan 400
vlan 405
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]: n
n1000v#
show running-config Displays the running configuration.
S Commands
shutdown
324
OL-20462-01
shutdown
To shutdown VLAN switching, use the shutdown command. To turn on VLAN switching, use the no
shutdown
no shutdown
Defaults None
Command History
Examples This example shows how to shutdown VLAN switching:
switch(config-vlan)# shutdown
This example shows how to turn on VLAN switching:
switch(config-vlan)# no shutdown
Related Commands
Command Description
S Commands
sleep
325
OL-20462-01
sleep
To set a sleep time, use the sleep command.
sleep time
Syntax Description
Defaults Sleep time is not set.
Command Modes Any
network-operator
Command History
Usage Guidelines When you set time to 0, sleep is disabled.
Examples This example shows how to set a sleep time:
switch# sleep 100
switch#
This example shows how to disable sleep:
switch# sleep 0
switch#
time Sleep time, in seconds. The range of valid values is 0 to 2147483647.
S Commands
source mgmt (NetFlow)
326
OL-20462-01
To add an interface to a flow exporter designating it as the source for NetFlow flow records, use the
source command. To remove the source interface from the flow exporter, use the no form of this
command.
source mgmt 0
no source
Syntax Description
Defaults None
Command History
Usage Guidelines The mgmt0 interface is the only interface that can be added to the flow exporter.
Examples This example shows how to add source management interface 0 to the ExportTest flow exporter:
switch(config)# config t
n1000v(config-flow-exporter)# source mgmt 0
This example shows how to remove source management interface 0 from the ExportTest flow exporter:
switch(config)# config t
n1000v(config-flow-exporter)# no source mgmt 0
Related Commands
mgmt 0 Adds the mgmt 0 interface to the flow exporter.
Command Description
S Commands
327
OL-20462-01
Command Description
S Commands
ssh
328
OL-20462-01
ssh
To create a Secure Shell (SSH) session, use the ssh command.
ssh [username@]{ipv4-address | hostname} [vrf vrf-name]
Syntax Description
Defaults Default VRF
Command Modes Any
Command History
Usage Guidelines The NX-OS software supports SSH version 2.
Examples This example shows how to start an SSH session:
switch# ssh 10.10.1.1 vrf management
The authenticity of host '10.10.1.1 (10.10.1.1)' can't be established.
RSA key fingerprint is 9b:d9:09:97:f6:40:76:89:05:15:42:6b:12:48:0f:d6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.1.1' (RSA) to the list of known hosts.
User Access Verification
Password:
Related Commands
username (Optional) Username for the SSH session. The user name is not case
sensitive.
ipv4-address IPv4 address of the remote device.
hostname Hostname of the remote device. The hostname is case sensitive.
vrf vrf-name (Optional) Specifies the virtual routing and forwarding (VRF) name
to use for the SSH session. The VRF name is case sensitive.
Command Description
clear ssh session Clears SSH sessions.
S Commands
ssh key
329
OL-20462-01
ssh key
To create a Secure Shell (SSH) server key for a virtual device context (VDC), use the ssh key command.
To remove the SSH server key, use the no form of this command.
ssh key {dsa [force] | rsa [length [force]]}
no ssh key [dsa | rsa]
Syntax Description
Defaults 1024-bit length
Command History
If you want to remove or replace an SSH server key, you must first disable the SSH server using the no
ssh server enable command.
Examples This example shows how to create an SSH server key using DSA:
switch# config t
switch(config)# ssh key dsa
generating dsa key(1024 bits).....
..
generated dsa key
dsa Specifies the Digital System Algrorithm (DSA) SSH server key.
force (Optional) Forces the replacement of an SSH key.
rsa Specifies the Rivest, Shamir, and Adelman (RSA) public-key
cryptography SSH server key.
length (Optional) Number of bits to use when creating the SSH server key.
The range is from 768 to 2048.
S Commands
ssh key
330
OL-20462-01
This example shows how to create an SSH server key using RSA with the default key length:
switch# config t
switch(config)# ssh key rsa
generating rsa key(1024 bits).....
.
generated rsa key
This example shows how to create an SSH server key using RSA with a specified key length:
switch# config t
switch(config)# ssh key rsa 768
generating rsa key(768 bits).....
.
generated rsa key
This example shows how to replace an SSH server key using DSA with the force option:
switch# config t
switch(config)# no ssh server enable
switch(config)# ssh key dsa force
deleting old dsa key.....
generating dsa key(1024 bits).....
.
generated dsa key
switch(config)# ssh server enable
This example shows how to remove the DSA SSH server key:
switch# config t
XML interface to system may become unavailable since ssh is disabled
switch(config)# no ssh key dsa
This example shows how to remove all SSH server keys:
switch# config t
switch(config)# no ssh key
show ssh key Displays the SSH server key information.
S Commands
ssh server enable
331
OL-20462-01
ssh server enable
To enable the Secure Shell (SSH) server, use the ssh server enable command. To disable the SSH server,
ssh server enable
no ssh server enable
Defaults Disabled
Command History
Examples This example shows how to enable the SSH server:
switch# config t
This example shows how to disable the SSH server:
switch# config t
Related Commands
Command Description
show ssh server Displays the SSH server key information.
S Commands
state (VLAN)
332
OL-20462-01
state (VLAN)
To set the operational state of a VLAN, use the state command. To disable state configuration, use the
state {active | suspend}
no state
Syntax Description
Defaults None
Command History
Examples This example shows how to set the operational state of a VLAN:
switch(config-vlan)# state active
This example shows how to disable state configuration:
switch(config-vlan)# no state
Related Commands
active Specifies the active state.
suspend Specifies the suspended state.
Command Description
S Commands
state (Port Profile)
333
OL-20462-01
state (Port Profile)
To set the operational state of a port profile, use the state command.
state enabled
Syntax Description
Defaults Disabled
Command History
Examples This example shows how to enable or disable the operational state of a port profile:
switch(config)# port-profile testprofile
switch(config-port-prof)# state enabled
Related Commands
enabled Enables or disables the port profile.
Command Description
show port-profile Displays port profile information.
S Commands
statistics per-entry
334
OL-20462-01
To collect statistics for each ACL entry, use the statistics per-entry command. To remove statistics, use
no statistics per-entry
Defaults No statistics are collected.
Command Modes ACL configuration (config-acl)
Command History
Examples This example shows how to collect statistics for each ACL entry:
switch(config)# ip access-list 1
switch(config-acl)# statistics per-entry
switch(config-acl)#
This example shows how to remove statistics:
switch(config)# ip access-list 1
switch(config-acl)# no statistics per-entry
switch(config-acl)#
Related Commands
Command Description
show statistics Displays statistics.
S Commands
sub-group
335
OL-20462-01
sub-group
To configure interface port channel subgroup assignment, use the sub-group {cdp | manual} command.
To remove this configuration, use the no form of this command.
sub-group {cdp | manual}
no sub-group
Syntax Description
Defaults None
Command History
Usage Guidelines Use this command to identify the port channel as being in vPC-HM, which requires traffic to be managed
separately for each upstream switch connected to the member ports. If the upstream switches have CDP
enabled, the Cisco Nexus 1000V can use this information to automatically assign subgroups. If the
upstream swiches do not have CDP enabled, then you must configure subgroups manually.
This command overrides any subgroup configuration specified in the port-profile inherited by the port
channel interface.
Examples This example shows how to configure a subgroup type for a port channel interface:
h1000v# config t
n1000v(config)# interface port-channel 1
n1000v(config-if)# sub-group cdp
h1000v# config t
n1000v(config)# interface port-channel 1
n1000v(config-if)# no sub-group
cdp Specifies that Cisco Discovery Protocol (CDP) information is used to automatically
create subgroups for managing the traffic flow.
manual Specifies that subgroups are configured manually. This option is used if CDP is not
configured on the upstream switches.
4.0 This command was introduced.
4.0(4)SV1(2) The manual keyword was added.
S Commands
sub-group
336
OL-20462-01
show interface port
channel
channel-number
Displays port-channel information.
S Commands
sub-group-id
337
OL-20462-01
sub-group-id
To configure subgroup IDs for Ethernet member ports of vPC-HM, use the sub-group-id command. To
remove the subgroup IDs, use the no form of this command.
sub-group-id group_id
no sub-group-id
Syntax Description
Defaults None
Command History
Examples This example shows how to configure an Ethernet member port on subgroup 5:
n1000v# config t
n1000v(config)# interface Ethernet 3/2
n1000v(config-if)# sub-group-id 1
n1000v# config t
n1000v(config)# interface Ethernet 3/2
n1000v(config-if)# no sub-group-id
Related Commands
group_id Subgroup ID number. Range is from 0 to 31.
4.0 This command was introduced.
4.0(4)SV1(2) The number of subgroups was increased to 32.
Command Description
show interface
ethernet slot/port
Displays information about Ethernet interfaces.
S Commands
svs connection
338
OL-20462-01
svs connection
To enable an SVS connection, use the svs connection command. To disable an SVS connection, use the
svs connection name
no svs connection name
Syntax Description
Defaults None
Command History
Usage Guidelines Only one SVS connection can be enabled per session.
Examples This example shows how to enable an SVS connection:
switch(config)# svs connection conn1
This example shows how to disable an SVS connection:
switch(config)# no svs connection conn1
switch(config)#
Related Commands
name Connection name.
Command Description
S Commands
svs-domain
339
OL-20462-01
svs-domain
To configure an SVS domain and enter SVS domain configuration mode, use the svs-domain command.
svs-domain
Defaults None
Command History
Usage Guidelines
Examples This example shows how to enter SVS domain configuration mode to configure an SVS domain:
Related Commands
Command Description
S Commands
svs license transfer src-vem
340
OL-20462-01
To transfer licenses from a specified source VEM to another VEM, or to transfer an unused license to
the VSM license pool, use the svs license transfer src-vem command.
svs license transfer src-vem module number [ dst-vem module number | license_pool ]
Syntax Description
Defaults None
Command History
Usage Guidelines Licenses cannot be transferred to a VEM unless there are sufficient licenses in the pool for all CPUs
on that VEM.
When licenses are successfully transferred from one VEM to another, then the following happens:
The virtual Ethernet interfaces on the source VEM are removed from service.
The virtual Ethernet interfaces on the destination VEM are brought into service.
When licenses are successfully transferred from a VEM to the VSM license pool, then the following
happens:
The virtual Ethernet interfaces on the source VEM are removed from service.
dst-vem
module-number
Specifies the VEM to receive the transferred license.
license_pool Transfers a license back to the VSM license pool.
S Commands
341
OL-20462-01
Examples This example shows how to transfer a license from VEM 3 to VEM 5, and then display the license
configuration:
n1000v# config t
n1000v(config)# svs license transfer src-vem 3 dst-vem 5
n1000v(config)# show license usage NEXUS1000V_LAN_SERVICES_PKG
Application
-----------
VEM 5 - Socket 1
VEM 5 - Socket 2
VEM 4 - Socket 1
VEM 4 - Socket 2
-----------
n1000v#
This example shows how to transfer a license from VEM 3 to the VSM license pool, and then display
the license configuration:
n1000v# config t
n1000v(config)# svs license transfer src-vem 3 license_pool
n1000v(config)# show license usage NEXUS1000V_LAN_SERVICES_PKG
Application
-----------
VEM 4 - Socket 1
VEM 4 - Socket 2
-----------
n1000v#
show license usage Displays the number and location of CPU licenses in use on your VEMs.
logging level license Designates the level of severity at which license messages should be
logged.
src-vem
S Commands
svs license volatile
342
OL-20462-01
To enable volatile licenses so that, whenever a VEM is taken out of service, its licenses are returned to
the VSM pool of available licenses, use the svs license volatile command. To disable volatile licenses,
no svs license volatile
Defaults Disabled
Command History
Usage Guidelines
Caution Service Disruption
Volatile licenses are removed from a VEM during a loss in connectivity and are not returned to the VEM
when connectivity resumes. Cisco recommends that the volatile license feature remain disabled and that
you, instead, transfer unused licenses using the svs license transfer src-vem command.
Examples This example shows how to enable the volatile license feature for a VSM:
n1000v(config)# svs license volatile
n1000v(config)#
This example shows how to disable the volatile license feature for a VSM:
n1000v(config)# no svs license volatile
S Commands
343
OL-20462-01
show license Displays the license configuration for the VSM.
logging level license Designates the level of severity at which license messages should be
logged.
src-vem
S Commands
svs mode
344
OL-20462-01
svs mode
To configure a transport mode for control and packet traffic in the VSM domain, use the svs mode
command.
svs mode L2 | svs mode L3 interface { mgmt0 | control0 }
Syntax Description
Defaults Layer 2 mode
Command Modes SVS Domain Configuration (config-svs-domain)
Command History
Usage Guidelines If you use mgmt0 as the L3 control interface, then in the VSM VM, Ethernet adaptors 1 and 3 are not
used
If you use control0 as the L3 control interface, then in the VSM VM, Ethernet adaptor 3 is not used.
Examples This example shows how to configure the Layer 3 transport mode for the VSM domain:
n1000v# config t
n1000v(config)# svs-domain
n1000v(config-svs-domain)# svs mode l3 interface mgmt0
n1000v(config-svs-domain)#
Related Commands
L2 Configures the transport mode for the VSM domain as Layer 2.
L3 interface Configures the following:
transport mode for the VSM domain as Layer 3
Layer 3 transport interface as one of the following:
control0
mgmt0
Command Description
show svs-domain Displays the VSM domain configuration.
svs-domain Creates and configures the VSM domain.
S Commands
switchname
345
OL-20462-01
switchname
To configure the hostname for the device, use the switchname command. To revert to the default, use
switchname name
no switchname
Syntax Description
Defaults switch
Command History
Usage Guidelines The Cisco NX-OS software uses the hostname in command-line interface (CLI) prompts and in default
configuration filenames.
The switchname command performs the same function as the hostname command.
Examples This example shows how to configure the device hostname:
switch(config)# switchname Engineering2
Engineering2(config)#
This example shows how to revert to the default device hostname:
Engineering2# configure terminal
Engineering2(config)# no switchname
switch(config)#
Related Commands
name Name for the device. The name is alphanumeric, case sensitive, can contain
special characters, and can have a maximum of 32 characters.
Command Description
hostname Configures the device hostname.
show switchname Displays the device hostname.
S Commands
switchport access vlan
346
OL-20462-01
switchport access vlan
To set the access mode of an interface, use the switchport access vlan command. To remove access
mode configuration, use the no form of this command.
switchport access vlan id
no switchport access vlan
Syntax Description
Defaults Access mode is not set.
Port Profile Configuration (config-port-prof)
Command History
Examples This example shows how to set the access mode of an interface:
switch(config-if)# switchport access vlan 10
switch(config-if)#
This example shows how to remove access mode configuration:
switch(config-if)# no switchport access vlan
switch(config-if)#
Related Commands
id VLAN identification number. The range of valid values is 1 to 3967.
Command Description
show interface Displays interface information.
S Commands
switchport mode
347
OL-20462-01
switchport mode
To set the port mode of an interface, use the switchport mode command. To remove the port mode
switchport mode {access | private-vlan {host | promiscuous} | trunk}
no switchport mode {access | private-vlan {host | promiscuous} | trunk}
Syntax Description
Defaults Switchport mode is not set.
Command History
Examples This example shows how to set the port mode of an interface:
switch(config-if)# switchport mode private-vlan host
switch(config-if)#
This example shows how to remove mode configuration:
switch(config-if)# no switchport mode private-vlan host
switch(config-if)#
Related Commands
access Sets port mode access.
private-vlan Sets the port mode to private VLAN.
host Sets the port mode private VLAN to host.
promiscuous Sets the port mode private VLAN to promiscuous.
trunk Sets the port mode to trunk.
Command Description
S Commands
switchport port-security
348
OL-20462-01
To set the port security characteristics of an interface, use the switchport port-security command. To
remove the port security configuration, use the no form of this command.
switchport port-security [aging {time time | type {absolute | inactivity}} | mac-address {address
[vlan id] |sticky} | maximum number [vlan id] | violation {protect | shutdown}]
no switchport port-security [aging {time time | type {absolute | inactivity}} | mac-address
{address [vlan id] |sticky} | maximum number [vlan id] | violation {protect | shutdown}]}
Syntax Description
Defaults None
Command History
Examples This example shows how to set the port security aging inactivity timer:
aging Configures port security aging characteristics.
time Specifies the port security aging time.
time Aging time in minutes, in the range of 0 to 1440.
type Specifies the type of timers.
absolute Specifies an absolute timer.
inactivity Specifies an inactivity timer.
mac-address
address
Specifies a 48-bit MAC address in the format HHHH.HHHH.HHHH.
vlan Specifies the VLAN where the MAC address should be secured.
sticky Specifies a sticky MAC address.
maximum
number
Specifies the maximum number of addresses, in the range of 1 to 1025.
violation Specifies the security violation mode.
protect Specifies the security violation protect mode.
shutdown Specifies the security violation shutdown mode.
S Commands
349
OL-20462-01
switch(config-if)# switchport port-security aging type inactivity
switch(config-if)#
This example shows how to remove the port security aging inactivity timer:
switch(config-if)# no switchport port-security aging type inactivity
switch(config-if)#
show port-security Displays port security information.
S Commands
switchport private-vlan host-association
350
OL-20462-01
To define a private VLAN association for an isolated or community port, use the switchport private-vlan
host-association command. To remove the private VLAN association from the port, use the no form of
this command.
switchport private-vlan host-association {primary-vlan-id} {secondary-vlan-id}
no switchport private-vlan host-association
Syntax Description
Defaults None
Command History
Usage Guidelines There is no run-time effect on the port unless it is in private VLAN-host mode. If the port is in private
VLAN-host mode but neither of the VLANs exist, the command is allowed but the port is made inactive.
The port also may be inactive when the association between the private VLANs is suspended.
The secondary VLAN may be an isolated or community VLAN.
Examples This example shows how to configure a host private VLAN port with a primary VLAN (VLAN 18) and
a secondary VLAN (VLAN 20):
switch(config-if)# switchport private-vlan host-association 18 20
switch(config-if)#
This example shows how to remove the private VLAN association from the port:
switch(config-if)# no switchport private-vlan host-association
switch(config-if)#
Related Commands
primary-vlan-id Number of the primary VLAN of the private VLAN relationship.
secondary-vlan-id Number of the secondary VLAN of the private VLAN relationship.
S Commands
351
OL-20462-01
Command Description
show vlan private-vlan
[type]
Displays information on private VLANs.
S Commands
switchport private-vlan mapping
352
OL-20462-01
To define the private VLAN association for a promiscuous port, use the switchport private-vlan mapping
command. To clear all mapping from the primary VLAN, use the no form of this command.
switchport private-vlan mapping {primary-vlan-id} {[add] secondary-vlan-list |
remove secondary-vlan-list}
no switchport private-vlan mapping
Syntax Description
Defaults None
Command History
Usage Guidelines There is no run-time effect on the port unless it is in private VLAN-promiscuous mode. If the port is in
private VLAN-promiscuous mode but the primary VLAN does not exist, the command is allowed but the
port is made inactive.
The secondary VLAN may be an isolated or community VLAN.
primary-vlan-id Number of the primary VLAN of the private VLAN relationship.
add Associates the secondary VLANs to the primary VLAN.
secondary-vlan-list Number of the secondary VLAN of the private VLAN relationship.
remove Clears the association between the secondary VLANs and the primary
VLAN.
S Commands
353
OL-20462-01
Examples This example shows how to configure the associate primary VLAN 18 to secondary isolated VLAN 20
on a private VLAN promiscuous port:
switch(config-if)# switchport private-vlan mapping 18 20
switch(config-if)#
This example shows how to add a VLAN to the association on the promiscuous port:
switch(config-if)# switchport private-vlan mapping 18 add 21
switch(config-if)#
This example shows how to remove the all private VLAN association from the port:
switch(config-if)# no switchport private-vlan mapping
switch(config-if)#
show interface
switchport
Displays information on all interfaces configured as switchports.
show interface
private-vlan mapping
Displays the information about the private VLAN mapping for VLAN
interfaces, or SVIs.
S Commands
switchport private-vlan mapping trunk
354
OL-20462-01
switchport private-vlan mapping trunk
To designate the primary private VLAN, use the switchport private-vlan trunk mapping trunk
command. To remove the primary private VLAN, use the no form of this command.
switchport private-vlan trunk native vlan id
no switchport private-vlan trunk native vlan
Syntax Description
Defaults None
Command History
Usage Guidelines When you use this command, you must either add a secondary VLAN, or remove a VLAN.
Examples This example shows how to designate the primary private VLAN:
switch(config-if)# switch(config-if)# switchport private-vlan mapping trunk 10 add 11
switch(config-if)#
This example shows how to remove the primary private VLAN:
switch(config-if)# switch(config-if)# no switchport private-vlan mapping trunk 10
switch(config-if)#
Related Commands
Command Description
S Commands
switchport trunk allowed vlan
355
OL-20462-01
To set the list of allowed VLANs on the trunking interface, use the switchport trunk allowed vlan
command. To allow all VLANs on the trunking interface, use the no form of this command.
switchport trunk allowed vlan {vlan-list | all | none | [add | except | remove {vlan-list}]}
no switchport trunk allowed vlan
Syntax Description
Defaults All VLANs
vlan-list Allowed VLANs that transmit through this interface in tagged format
when in trunking mode; the range of valid values is from 1 to 4094.
all Allows all appropriate VLANs to transmit through this interface in tagged
format when in trunking mode.
none Blocks all VLANs transmitting through this interface in tagged format
when in trunking mode.
add (Optional) Adds the defined list of VLANs to those currently set instead
of replacing the list.
except (Optional) Allows all VLANs to transmit through this interface in tagged
format when in trunking mode except the specified values.
remove (Optional) Removes the defined list of VLANs from those currently set
instead of replacing the list.
S Commands
356
OL-20462-01
Command History
Usage Guidelines You must enter the switchport command without any keywords to configure the LAN interface as a
Layer 2 interface before you can enter the switchport trunk allowed vlan command. This action is
required only if you have not entered the switchport command for the interface.
If you remove VLAN 1 from a trunk, the trunk interface continues to send and receive management
traffic in VLAN 1.
Examples This example shows how to add a series of consecutive VLANs to the list of allowed VLANs on a
trunking port:
switch(config-if)# switchport trunk allowed vlan add 40-50
switch(config-if)#
Related Commands
Command Description
show interface
switchport
Displays the administrative and operational status of a switching
(nonrouting) port.
S Commands
switchport trunk native vlan
357
OL-20462-01
switchport trunk native vlan
To configure trunking parameters on an interface, use the switchport trunk native vlan command. To
remove the configuration, use the no form of this command.
switchport trunk native vlan id
no switchport trunk native vlan
Syntax Description
Defaults None
Command History
Examples This example shows how to configure trunking parameters on an interface:
switch(config-if)# switchport trunk native vlan 20
switch(config-if)#
Related Commands
Command Description
S Commands
system redundancy role
358
OL-20462-01
system redundancy role
To configure a redundancy role for the VSM, use the system redundancy role command. To revert to
the default setting, use the no form of the command.
system redundancy role {primary | secondary | standalone}
no system redundancy role {primary | secondary | standalone}
Syntax Description
Command Modes EXEC
Command History
Usage Guidelines
Examples This example shows how to configure no redundant VSM:
switch# system redundancy role standalone
switch#
Related Commands
primary Specifies the primary redundant VSM.
secondary Specifies the secondary redundant VSM.
standalone Specifies no redundant VSM.
Command Description
show system
redundancy
Displays the system redundancy status.
S Commands
system switchover
359
OL-20462-01
system switchover
To switch over to the standby supervisor, use the system switchover command.
system switchover
Command Modes EXEC
Command History
Usage Guidelines
Examples This example shows how to switch over to the standby supervisor:
switch# system switchover
switch#
Related Commands
Command Description
show system
redundancy
Displays the system redundancy status.
S Commands
system update vem feature level
360
OL-20462-01
system update vem feature level
To change the software version supported on VEMs, use the system update vem feature level
command.
system update vem feature level [version_number]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to change the software version supported:
switch# system update vem feature level
Error : the feature level is set to the highest value possible
switch#
Related Commands
version_number (Optional) version number index from the list above.
Command Description
show system vem
feature level
Displays the current software release supported.
361
OL-20462-01
Show Commands
This chapter describes the Cisco Nexus 1000V show commands.
Note This chapter is a work in progress and does not yet include all show commands.
show aaa accounting
To display the AAA accounting configuration, use the show aaa accounting command.
show aaa accounting
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the accounting configuration:
switch# show aaa accounting
default: local
switch#
Show Commands
show aaa accounting
362
OL-20462-01
aaa accounting login Configures the console or default login accounting method.
show running-config
aaa [all]
Displays the AAA configuration as it currently exists in the running
configuration.
Show Commands
363
OL-20462-01
To display the configuration for AAA authentication, use the show aaa authentication command.
show aaa authentication [login error-enable | login mschap]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the configured authentication parameters:
switch# show aaa authentication
default: local
console: local
This example shows how to display the authentication-login error-enable configuration:
switch# show aaa authentication login error-enable
disabled
This example shows how to display the authentication-login MSCHAP configuration:
switch# show aaa authentication login mschap
disabled
Related Commands
login error-enable (Optional) Displays the authentication login error message enable
configuration.
login mschap (Optional) Displays the authentication login MS-CHAP enable configuration.
Command Description
aaa authentication login Configures the console or default login authentication method.
show running-config aaa [all] Displays the AAA configuration as it currently exists in the running
configuration.
Show Commands
show aaa groups
364
OL-20462-01
show aaa groups
To display the configured AAA server groups, use the show aaa groups command.
show aaa groups
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display AAA group information:
switch# show aaa groups
radius
TacServer
Related Commands
Command Description
aaa group Configures an AAA server group.
show running-config aaa [all] Displays the AAA configuration as it currently exists in the running
configuration.
Show Commands
show accounting log
365
OL-20462-01
show accounting log
To display the accounting log contents, use the show accounting log command.
show accounting log [size] [start-time year month day HH:MM:SS]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the entire accounting log:
switch# show accounting log
Wed Jul 22 02:09:44 2009:update:vsh.3286:root:configure terminal ; port-profile Unused_O
r_Quarantine_Uplink ; capability uplink (SUCCESS)
Wed Jul 22 07:57:50 2009:update:171.71.55.185@pts/2:admin:configure terminal ; flow reco
rd newflowrecord (SUCCESS)
Wed Jul 22 08:48:57 2009:start:swordfish-build1.cisco.com@pts:admin:
Wed Jul 22 08:49:03 2009:stop:swordfish-build1.cisco.com@pts:admin:shell terminated grac
efully
Wed Jul 22 08:50:36 2009:update:171.71.55.185@pts/2:admin:configure terminal ; no flow r
ecord newflowrecord (SUCCESS)
Thu Jul 23 07:21:50 2009:update:vsh.29016:root:configure terminal ; port-profile Unused_
Or_Quarantine_Veth ; state enabled (SUCCESS)
Thu Jul 23 10:25:19 2009:start:171.71.55.185@pts/5:admin:
Thu Jul 23 11:07:37 2009:update:171.71.55.185@pts/5:admin:enabled aaa user default role
enabled/disabled
doc-n1000v(config)#
size (Optional) Size of the log to display in bytes. The range is from 0 to 250000.
start-time year month
day HH:MM:SS
(Optional) Specifies a start time as follows.
The year is shown in the yyyy format, such as 2009.
The month is shown in the three-letter English abbreviation, such as
Feb.
The day of the month is shown as a number from 1 to 31.
Hours, minutes, and seconds are shown in the standard 24-hour format,
such as 16:00:00.
Show Commands
show accounting log
366
OL-20462-01
This example shows how to display 400 bytes of the accounting log:
switch# show accounting log 400
Sat Feb 16 21:15:24 2008:update:/dev/pts/1_172.28.254.254:admin:show accounting log
start-time 2008 Feb 16 18:31:21
Sat Feb 16 21:15:25 2008:update:/dev/pts/1_172.28.254.254:admin:show system uptime
Sat Feb 16 21:15:26 2008:update:/dev/pts/1_172.28.254.254:admin:show clock
This example shows how to display the accounting log starting at 16:00:00 on February 16, 2008:
switch(config)# show accounting log start-time 2008 Feb 16 16:00:00
Sat Feb 16 16:00:18 2008:update:/dev/pts/1_172.28.254.254:admin:show logging log file
start-time 2008 Feb 16 15:59:16
start-time 2008 Feb 16 12:05:16
start-time 2008 Feb 16 16:00:16
start-time 2008 Feb 16 12:05:16
start-time 2008 Feb 16 16:01:16
start-time 2008 Feb 16 12:05:16
clear accounting log Clears the accounting log.
Show Commands
show cdp
367
OL-20462-01
show cdp
To display your Cisco Discovery Protocol (CDP) configuration, use the show cdp command.
show cdp {all | entry {all | name s0} | global | interface if0 | traffic interface if2}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to display the global CDP configuration:
n1000v(config)# show cdp global
Sending a holdtime value of 10 seconds
Sending CDPv2 advertisements is disabled
Sending DeviceID TLV in Mac Address Format
This example shows how to display the CDP configuration for a specified interface:
n1000v(config)# show cdp interface ethernet 2/3
Ethernet2/3 is up
CDP enabled on interface
all Display all interfaces in CDP database.
entry Display CDP entries in database.
name name Display a specific CDP entry matching a name.
global Display CDP parameters for all interfaces.
interface interface Display CDP parameters for a specified interface.
traffic interface
interface
Display CDP traffic statistics.
Show Commands
show cdp
368
OL-20462-01
This example shows how to display the CDP traffic statistics for a specified interface:
n1000v(config)# show cdp traffic interface ethernet 2/3
----------------------------------------
Traffic statistics for Ethernet2/3
Input Statistics:
Total Packets: 98
Valid CDP Packets: 49
CDP v1 Packets: 49
CDP v2 Packets: 0
Invalid CDP Packets: 49
Unsupported Version: 49
Checksum Errors: 0
Malformed Packets: 0
Output Statistics:
Total Packets: 47
CDP v1 Packets: 47
CDP v2 Packets: 0
Send Errors: 0
This example shows how to display CDP parameters for all interfaces:
n1000v# show cdp all
Ethernet2/2 is up
Ethernet2/3 is up
Ethernet2/4 is up
Ethernet2/5 is up
Ethernet2/6 is up
mgmt0 is up
show cdp neighbors Displays the configuration and capabilities of upstream devices.
cdp enable In interface mode, enables CDP on an interface.
In EXEC mode, enables CDP for your device.
cdp advertise Assigns the CDP version to advertise.
Show Commands
show cdp neighbors
369
OL-20462-01
show cdp neighbors
To display the configuration and capabilities of upstream devices, use the show cdp neighbors
command.
show cdp neighbors [interface if] detail
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to display the configuration and capabilities of upstream devices:
n1000v(config)# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device ID Local Intrfce Hldtme Capability Platform Port ID
swordfish-6k-2 Eth2/2 169 R S I WS-C6503-E Gig1/14
This example shows how to display configuration and capabilities of upstream devices for a specific
interface:
n1000v(config)# show cdp neighbors interface ethernet 2/3
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
interface if (Optional) Show CDP neighbors for a specified interface.
detail Show the detailed configuration of all CDP neighbors.
Show Commands
show cdp neighbors
370
OL-20462-01
s - Supports-STP-Dispute
Device ID Local Intrfce Hldtme Capability Platform Port ID
show cdp Displays the CDP configuration and capabilities for your device.
cdp enable In interface mode, enables CDP on an interface.
In EXEC mode, enables CDP for your device.
cdp advertise Assigns the CDP version to advertise.
Show Commands
show interface counters trunk
371
OL-20462-01
show interface counters trunk
To display the counters for Layer 2 switch port trunk interfaces, use the show interface counters trunk
command.
show interface {ethernet slot/port} counters trunk
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines The device supports only IEEE 802.1Q encapsulation. This command also displays the counters for
trunk port channels.
Examples This example shows how to display the counters for a trunk interface. This display shows the frames
transmitted and received through the trunk interface, as well as the number of frames with the wrong
trunk encapsulation:
switch# show interface ethernet 2/9 counters trunk
---------------------------------------------------------------------
Port TrunkFramesTx TrunkFramesRx WrongEncap
---------------------------------------------------------------------
Ethernet2/9 0 0 0
switch#
Related Commands
ethernet slot/port Specifies the module number and port number for the trunk interface
that you want to display.
Command Description
clear counters
interface
Clears the counters for the specified interfaces.
Show Commands
show interface ethernet
372
OL-20462-01
To display information about Ethernet interfaces, use the show interface ethernet command.
show interface ethernet slot/port [brief | capabilities | debounce | description | flowcontrol |
mac-address | switchport | trunk]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display statistical information for Ethernet interface 3/2:
n1000v# show interface ethernet 3/2
Ethernet3/2 is up
Hardware: Ethernet, address: 0050.5652.a9ba (bia 0050.5652.a9ba)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 0/255, txload 0/255, rxload 0/255
slot/port Slot number of the interface that you want to display. The slot number range is
from 1 to 66, and the port number range is from 1 to 256.
brief (Optional) Specifies to display only a brief summary of the information for the
specified interface.
capabilities (Optional) Specifies to display capability information for the specified interface.
debounce (Optional) Specifies to display interface debounce time information.
description (Optional) Specifies to display the description of the specified interface.
flowcontrol (Optional) Specifies to display information about the flow-control status and
statistics on received and transmitted flow-control pause packets for the specified
interface.
mac-address (Optional) Specifies to display MAC address information for the specified
interface.
switchport (Optional) Specifies to display information for the specified interface including
access and trunk modes.
trunk (Optional) Specifies to display trunk mode information for the specified
interface.
4.0(4)SV1(2) Displays 5-minute input and output packet/bit rate statistics for the
specified Ethernet interface.
Show Commands
373
OL-20462-01
Encapsulation ARPA
Port mode is trunk
full-duplex, 1000 Mb/s
Beacon is turned off
Auto-Negotiation is turned off
Input flow-control is off, output flow-control is off
Auto-mdix is turned on
Switchport monitor is off
5 minute input rate 570 bytes/second, 6 packets/second
5 minute output rate 220 bytes/second, 0 packets/second
Rx
7570522 Input Packets 1120178 Unicast Packets
5340163 Multicast Packets 1110181 Broadcast Packets
647893616 Bytes
Tx
1177170 Output Packets 1168661 Unicast Packets
7269 Multicast Packets 1240 Broadcast Packets 0 Flood Packets
252026472 Bytes
4276048 Input Packet Drops 0 Output Packet Drops
1 interface resets
clear interface Clears the interface statistics.
Show Commands
show interface ethernet counters
374
OL-20462-01
To display the counters for an Ethernet interface, use the show interface ethernet counters command.
show interface ethernet slot/port counters [brief | detailed | errors | snmp | storm-control |
trunk]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display counters for Ethernet interface 3/2:
n1000v# show interface ethernet 3/2 counters
--------------------------------------------------------------------------------
Port InOctets InUcastPkts InMcastPkts InBcastPkts
--------------------------------------------------------------------------------
Eth3/2 684023652 1182824 5637863 1171780
--------------------------------------------------------------------------------
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts
--------------------------------------------------------------------------------
n1000v# 265927107 1233866 7269 1240
brief (Optional) Specifies to display only a brief summary of the counter information
for the specified interface.
detailed (Optional) Specifies to display the nonzero counters for the specified interface.
errors (Optional) Specifies to display the interface error counters for the specified
interface.
snmp (Optional) Specifies to display the SNMP MIB values for the specified interface.
storm-control (Optional) Specifies to display the storm-control counters for the specified
interface.
trunk (Optional) Specifies to display the trunk counters for the specified interface.
Show Commands
375
OL-20462-01
Show Commands
show interface ethernet status
376
OL-20462-01
show interface ethernet status
To display the status for an Ethernet interface, use the show interface ethernet status command.
show interface ethernet slot/port status [err-disable]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display the err-disabled status for Ethernet interface 3/2:
n1000v# show interface ethernet 3/2 status err-disabled
--------------------------------------------------------------------------------
Port Name Status Reason
--------------------------------------------------------------------------------
Eth3/2 -- up none
Related Commands
err-disabled (Optional) Specifies to display the err-disabled state for the specified interface.
Command Description
Show Commands
show interface ethernet transceiver
377
OL-20462-01
show interface ethernet transceiver
To display the transceiver information for an Ethernet interface, use the show interface ethernet
transceiver command.
show interface ethernet slot/port transceiver [calibrations | details]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display transceiver information for Ethernet interface 3/2:
n1000v# show interface ethernet 3/2 transceiver calibrations
Ethernet3/2
sfp is not applicable
Related Commands
calibrations (Optional) Specifies to display the calibration information for the specified
interface.
details (Optional) Specifies to display detailed information for the specified interface.
Command Description
Show Commands
show interface port-channel
378
OL-20462-01
To display descriptive information about port channels, use the show interface port-channel command.
show interface port-channel channel-number [brief | description | flowcontrol | status |
switchport | trunk]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines To display more statistics for the specified port channels, use the show interface port-channel counters
command.
Examples This example shows how to display information for a specific port channel. This command displays
statistical information gathered on the port channel at 1-minute intervals:
switch(config)# show interface port-channel 50
port-channel50 is down (No operational members)
Hardware is Port-Channel, address is 0000.0000.0000 (bia 0000.0000.0000)
MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,
channel-number Number of the port-channel group. Valid values are from 1 to 4096.
brief (Optional) Specifies the summary information for specified port
channels.
description (Optional) Specifies the description of specified port channels.
flowcontrol (Optional) Specifies information about the flow-control status control
for specified port channels and the statistics on received and
transmitted flow-control pause packets.
status (Optional) Specifies information about the status for specified port
channels.
switchport (Optional) Specifies information for specified Layer 2 port channels
including access and trunk modes.
trunk (Optional) Specifies information for specified Layer 2 port channels
on the trunk mode.
Show Commands
379
OL-20462-01
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
auto-duplex, auto-speed
Input flow-control is off, output flow-control is off
Switchport monitor is off
Members in this channel: Eth2/10
Last clearing of "show interface" counters 2d71.2uh
5 minute input rate 0 bytes/sec, 0 packets/sec
5 minute output rate 0 bytes/sec, 0 packets/sec
Rx
0 input packets 0 unicast packets 0 multicast packets
0 broadcast packets 0 jumbo packets 0 storm suppression packets
0 bytes
Tx
0 output packets 0 multicast packets
0 broadcast packets 0 jumbo packets
0 bytes
0 input error 0 short frame 0 watchdog
0 no buffer 0 runt 0 CRC 0 ecc
0 overrun 0 underrun 0 ignored 0 bad etype drop
0 bad proto drop 0 if down drop 0 input with dribble
0 input discard
0 output error 0 collision 0 deferred
0 late collision 0 lost carrier 0 no carrier
0 babble
0 Rx pause 0 Tx pause 0 reset
This example shows how to display a brief description for a specific port channel, including the mode
for the port channel, the status, speed, and protocol:
switch# show interface port-channel 5 brief
--------------------------------------------------------------------------------
Port-channel VLAN Type Mode Status Reason Speed Protocol
Interface
--------------------------------------------------------------------------------
eth access down No operational members auto(D) lacp
This example shows how to display the description for a specific port channel:
switch# show interface port-channel 5 description
-------------------------------------------------------------------------------
Interface Description
-------------------------------------------------------------------------------
port-channel5 test
This example shows how to display the flow-control information for a specific port channel:
switch# show interface port-channel 50 flowcontrol
------------------------------------------------------------------------------
Port Send FlowControl Receive FlowControl RxPause TxPause
admin oper admin oper
------------------------------------------------------------------------------
Po50 off off off off 0 0
This example shows how to display the status of a specific port channel:
switch# show interface port-channel 5 status
--------------------------------------------------------------------------------
Port Name Status Vlan Duplex Speed Type
Show Commands
380
OL-20462-01
--------------------------------------------------------------------------------
test down 1 auto auto --
This example shows how to display information for a specific Layer 2 port channel:
switch# show interface port-channel 50 switchport
Name: port-channel50
Switchport: Enabled
Switchport Monitor: Not enabled
Operational Mode: trunk
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-3967,4048-4093
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
This command displays information for Layer 2 port channels in both the access and trunk modes.
When you use this command for a routed port channel, the device returns the following message:
Name: port-channel20
Switchport: Disabled
This example shows how to display information for a specific Layer 2 port channel that is in trunk mode:
switch# show interface port-channel 5 trunk
switch# show interface port-channel 50 trunk
port-channel50 is down (No operational members)
Hardware is Ethernet, address is 0000.0000.0000
MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec
Port mode is access
Speed is auto-speed
Duplex mode is auto
Receive flow-control is off, Send flow-control is off
Rate mode is dedicated
Members in this channel: Eth2/10
Native Vlan: 1
Allowed Vlans: 1-3967,4048-4093
This command displays information for only Layer 2 port channels in the trunk modes; you cannot
display information about Layer 2 port channels in the access mode with this command.
show interface
port-channel counters
Displays the statistics for channel groups.
show port-channel
summary
Displays summary information for all channel groups.
Show Commands
show interface port-channel counters
381
OL-20462-01
To display information about port-channel statistics, use the show interface port-channel counters
command.
show interface port-channel channel-number counters [brief | detailed [all | snmp] | errors
[snmp] | trunk]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines This command displays statistics for all port channels including LACP-enabled port channels and those
port channels that are not associated with an aggregation protocol.
Examples This example shows how to display the counters for a specific port channel. This display shows the
transmitted and received unicast and multicast packets:
switch# show interface port-channel 2 counters
Po2 6007 1 31 1
channel-number Number of the port-channel group. Valid values are from 1 to 4096.
brief (Optional) Specifies the rate MB/s and total frames for specified port
channels.
detailed (Optional) Specifies the nonzero counters for specified port channels.
all (Optional) Specifies the counters for specified port channels.
snmp (Optional) Specifies the SNMP MIB values for specified port
channels.
errors (Optional) Specifies the interface error counters for specified port
channels.
trunk (Optional) Specifies the interface trunk counters for specified port
channels.
Show Commands
382
OL-20462-01
Po2 4428 1 25 1
switch#
This example shows how to display the brief counters for a specific port channel. This display shows the
transmitted and received rate and total frames:
switch# show interface port-channel 20 counters brief
-------------------------------------------------------------------------------
Interface Input (rate is 1 min avg) Output (rate is 1 min avg)
------------------------- -----------------------------
Rate Total Rate Total
MB/s Frames MB/s Frames
-------------------------------------------------------------------------------
port-channel20 0 0 0 0
This example shows how to display all the detailed counters for a specific port channel:
switch# show interface port-channel 20 counters detailed all
port-channel20
64 bit counters:
0. rxHCTotalPkts = 0
1. txHCTotalPks = 0
2. rxHCUnicastPkts = 0
3. txHCUnicastPkts = 0
4. rxHCMulticastPkts = 0
5. txHCMulticastPkts = 0
6. rxHCBroadcastPkts = 0
7. txHCBroadcastPkts = 0
8. rxHCOctets = 0
9. txHCOctets = 0
10. rxTxHCPkts64Octets = 0
11. rxTxHCpkts65to127Octets = 0
17. rxHCTrunkFrames = 0
18. txHCTrunkFrames = 0
19. rxHCDropEvents = 0
All Port Counters:
0. InPackets = 0
1. InOctets = 0
2. InUcastPkts = 0
3. InMcastPkts = 0
4. InBcastPkts = 0
5. InJumboPkts = 0
6. StormSuppressPkts = 0
7. OutPackets = 0
8. OutOctets = 0
9. OutUcastPkts = 0
10. OutMcastPkts = 0
11. OutBcastPkts = 0
12. OutJumboPkts = 0
13. rxHCPkts64Octets = 0
14. rxHCPkts65to127Octets = 0
17. rxHCpkts512to1023Octets = 0
20. txHCPkts64Octets = 0
Show Commands
383
OL-20462-01
21. txHCPkts65to127Octets = 0
24. txHCpkts512to1023Octets = 0
27. ShortFrames = 0
28. Collisions = 0
29. SingleCol = 0
30. MultiCol = 0
31. LateCol = 0
32. ExcessiveCol = 0
33. LostCarrier = 0
34. NoCarrier = 0
35. Runts = 0
36. Giants = 0
37. InErrors = 0
38. OutErrors = 0
39. InputDiscards = 0
40. BadEtypeDrops = 0
41. IfDownDrops = 0
42. InUnknownProtos = 0
43. txCRC = 0
44. rxCRC = 0
45. Symbol = 0
46. txDropped = 0
47. TrunkFramesTx = 0
48. TrunkFramesRx = 0
49. WrongEncap = 0
50. Babbles = 0
51. Watchdogs = 0
52. ECC = 0
53. Overruns = 0
54. Underruns = 0
55. Dribbles = 0
56. Deferred = 0
57. Jabbers = 0
58. NoBuffer = 0
59. Ignored = 0
60. bpduOutLost = 0
61. cos0OutLost = 0
62. cos1OutLost = 0
63. cos2OutLost = 0
64. cos3OutLost = 0
65. cos4OutLost = 0
66. cos5OutLost = 0
67. cos6OutLost = 0
68. cos7OutLost = 0
69. RxPause = 0
70. TxPause = 0
71. Resets = 0
72. SQETest = 0
73. InLayer3Routed = 0
74. InLayer3RoutedOctets = 0
75. OutLayer3Routed = 0
76. OutLayer3RoutedOctets = 0
77. OutLayer3Unicast = 0
78. OutLayer3UnicastOctets = 0
79. OutLayer3Multicast = 0
80. OutLayer3MulticastOctets = 0
81. InLayer3Unicast = 0
82. InLayer3UnicastOctets = 0
83. InLayer3Multicast = 0
84. InLayer3MulticastOctets = 0
Show Commands
384
OL-20462-01
85. InLayer3AverageOctets = 0
86. InLayer3AveragePackets = 0
87. OutLayer3AverageOctets = 0
88. OutLayer3AveragePackets = 0
This example shows how to display the error counters for a specific port channel:
switch# show interface port-channel 5 counters errors
--------------------------------------------------------------------------------
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize OutDiscards
--------------------------------------------------------------------------------
Po5 0 0 0 0 0 0
--------------------------------------------------------------------------------
Port Single-Col Multi-Col Late-Col Exces-Col Carri-Sen Runts
--------------------------------------------------------------------------------
Po5 0 0 0 0 0 0
--------------------------------------------------------------------------------
Port Giants SQETest-Err Deferred-Tx IntMacTx-Er IntMacRx-Er Symbol-Err
--------------------------------------------------------------------------------
0 -- 0 0 0 0
This example shows how to display information about the trunk interfaces for a specific port channel:
switch# show interface port-channel 5 counters trunk
-------------------------------------------------------------------------------
Port TrunkFramesTx TrunkFramesRx WrongEncap
-------------------------------------------------------------------------------
port-channel5 0 0 0
clear counters
channel-number
Clears the statistics for all interfaces that belong to a specific channel group.
Show Commands
show interface switchport
385
OL-20462-01
To display information about switchport interfaces, use the show interface switchport command.
show interface [ethernet slot number| port-channel channel number] switchport
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you do not specify an interface, this command displays information about all Layer 2 interfaces,
including access, trunk, and port channel interfaces and all private VLAN ports.
Examples This example shows how to display information for all Layer 2 interfaces:
switch# show interface switchport
Name: Ethernet2/5
Switchport: Enabled
Operational Mode: access
Name: Ethernet2/9
Switchport: Enabled
ethernet slot number (Optional) Specify the slot number for the display of an
ethernet switchport interface.
port- channel channel-number (Optional) Specify the channel number for the display of a
port channel switchport interface.
Show Commands
386
OL-20462-01
Operational Mode: trunk
Name: port-channel5
Switchport: Enabled
Operational Mode: access
switch#
switchport mode Sets the specified interfaces as either Layer 2 access or trunk interfaces.
show interface
counters
Displays statistics for a specified Layer 2 interface.
Show Commands
show interface trunk
387
OL-20462-01
To display information about all the trunk interfaces, use the show interface trunk command.
show interface [ethernet type/slot | port-channel channel-number] trunk [module number | vlan
vlan-id]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you do not specify an interface, a module number or a VLAN number, the system displays information
for all trunk interfaces.
This command displays information about all Layer 2 trunk interfaces and trunk port-channel interfaces.
Use the show interface counters command to display statistics for the specified Layer 2 interface.
Examples This example shows how to display information for all Layer 2 trunk interfaces:
switch(config)# show interface trunk
-----------------------------------------------------------------------------
Port Native Status Port
Vlan Channel
-----------------------------------------------------------------------------
Eth2/9 1 trunking --
Eth2/10 1 trnk-bndl Po50
Po50 1 not-trunking --
-----------------------------------------------------------------------------
Port Vlans Allowed on Trunk
-----------------------------------------------------------------------------
ethernet
type/slot | port-
channel
channel-number
(Optional) Type and number of the interface you want to display.
module number (Optional) Specifies the module number.
vlan vlan-id (Optional) Specifies the VLAN number.
Show Commands
388
OL-20462-01
Eth2/9 1-3967,4048-4093
Eth2/10 1-3967,4048-4093
Po50 1-3967,4048-4093
-----------------------------------------------------------------------------
Port STP Forwarding
-----------------------------------------------------------------------------
Eth2/9 none
Eth2/10 none
Po50 none
switch#
switchport mode
trunk
Sets the specified interfaces as Layer 2 trunk interfaces.
Show Commands
show interface vethernet
389
OL-20462-01
To display statistical information about vEthernet interfaces, use the show interface vethernet
command.
show interface vethernet interface-number [brief | description | mac-address | switchport |
trunk]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display statistical information for vEthernet interface 1:
n1000v# show interface vethernet 1
Vethernet1 is up
Port description is gentoo, Network Adapter 1
Hardware is Virtual, address is 0050.5687.3bac
Owner is VM "gentoo", adapter is Network Adapter 1
Active on module 4
VMware DVS port 1
Port-Profile is vm
Port mode is access
5 minute input rate 1 bytes/second, 0 packets/second
5 minute output rate 94 bytes/second, 1 packets/second
interface-number (Optional) Number of the interface that you want to display. The range is from 1
to 1048575.
brief (Optional) Specifies to display only a brief summary of information for the
specified interface.
description (Optional) Specifies to display the description of the specified interface.
mac-address (Optional) Specifies to display MAC address information for the specified
interface.
switchport (Optional) Specifies to display switchport information for the specified interface,
including access and trunk modes.
trunk (Optional) Specifies to display trunk mode information for the specified
interface.
4.0(4)SV1(2) Displays 5-minute input and output packet/bit rate statistics for the
specified vEthernet interface.
Show Commands
390
OL-20462-01
Rx
655 Input Packets 594 Unicast Packets
0 Multicast Packets 61 Broadcast Packets
114988 Bytes
Tx
98875 Output Packets 1759 Unicast Packets
80410 Multicast Packets 16706 Broadcast Packets 0 Flood Packets
6368452 Bytes
0 Input Packet Drops 0 Output Packet Drops
Show Commands
show interface vethernet counters
391
OL-20462-01
show interface vethernet counters
To display the counters for a vEthernet interface, use the show interface vethernet counters command.
show interface vethernet interface-number counters [brief | detailed | errors | trunk]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display counters for vEthernet interface 1:
n1000v# show interface vethernet 1 counters
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Veth1 2434320 5024 12 32363
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Veth1 4357946 4910 127 64494
Related Commands
interface-number Number of the interface that you want to display. The range is from 1 to 1048575.
brief (Optional) Specifies to display only a brief summary of counter information for
the specified interface.
detailed (Optional) Specifies to display the nonzero counters for the specified interface.
errors (Optional) Specifies to display the interface error counters for the specified
interface.
trunk (Optional) Specifies to display the trunk counters for the specified interface.
Command Description
Show Commands
show interface vethernet status
392
OL-20462-01
show interface vethernet status
To display the status for a vEthernet interface, use the show interface vethernet status command.
show interface vethernet interface-number status [err-disable]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display the err-disabled status for vEthernet interface 1:
n1000v# show interface vethernet 1 status err-disabled
--------------------------------------------------------------------------------
Port Name Status Reason
--------------------------------------------------------------------------------
Veth1 VM1-48, Network Ad up none
n1000v#
Related Commands
interface-number Number of the interface that you want to display. The range is from 1 to 1048575.
err-disabled (Optional) Specifies to display the err-disabled state for the specified interface.
Command Description
Show Commands
show ip arp inspection interface
393
OL-20462-01
show ip arp inspection interface
To display the trust state for the specified interface, use the show ip arp inspection interface command.
show ip arp inspection interface vethernet interface-number
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the trust state for a trusted interface:
n1000v# show ip arp inspection interface vethernet 6
Interface Trust State
------------- -----------
vEthernet 6 Trusted
n1000v#
Related Commands
vethernet number Specifies that the output is for a vEthernet interface.
Command Description
ip arp inspection vlan Enables Dynamic ARP Inspection (DAI) for a specified list of VLANs.
statistics
Displays the DAI statistics.
Show Commands
show ip arp inspection statistics
394
OL-20462-01
show ip arp inspection statistics
Use the show ip arp inspection statistics command to display the Dynamic ARP Inspection (DAI)
statistics. You can specify a VLAN or range of VLANs.
show ip arp inspection statistics [vlan vlan-list]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the DAI statistics for VLAN 1:
n1000v# show ip arp inspection statistics vlan 1
Vlan : 1
-----------
ARP Req Forwarded = 0
ARP Res Forwarded = 0
ARP Req Dropped = 0
ARP Res Dropped = 0
DHCP Drops = 0
DHCP Permits = 0
SMAC Fails-ARP Req = 0
SMAC Fails-ARP Res = 0
DMAC Fails-ARP Res = 0
IP Fails-ARP Req = 0
IP Fails-ARP Res = 0
n1000v#
Related Commands
vlan vlan-list (Optional) Specifies the list of VLANs for which to display DAI statistics. Valid
VLAN IDs are from 1 to 4096.
Command Description
clear ip arp inspection
statistics vlan
Clears the DAI statistics for a specified VLAN.
interface
Show Commands
show ip dhcp snooping
395
OL-20462-01
To display general status information for DHCP snooping, use the show ip dhcp snooping command.
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display general status information about DHCP snooping:
n1000v# show ip dhcp snooping
DHCP snooping service is enabled
Switch DHCP snooping is enabled
DHCP snooping is configured on the following VLANs:
1,13
DHCP snooping is operational on the following VLANs:
1
Insertion of Option 82 is disabled
Verification of MAC address is enabled
DHCP snooping trust is configured on the following interfaces:
Interface Trusted
------------ -------
vEthernet 3 Yes
n1000v#
Related Commands
Command Description
binding
Displays IP-MAC address bindings, including the static IP source entries.
Show Commands
396
OL-20462-01
statistics
Displays DHCP snooping statistics.
show running-config
dhcp
Displays DHCP snooping configuration.
Command Description
Show Commands
show ip dhcp snooping binding
397
OL-20462-01
To display IP-to-MAC address bindings for all interfaces or a specific interface, use the show ip dhcp
snooping binding command.
show ip dhcp snooping binding [IP-address] [MAC-address] [interface vethernet
interface-number] [vlan vlan-id]
show ip dhcp snooping binding [dynamic]
show ip dhcp snooping binding [static]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines The command output includes static IP source entries. Static entries appear with the term static in the
Type column.
IP-address (Optional) IPv4 address that the bindings shown must include.
Valid entries are in dotted-decimal format.
MAC-address (Optional) MAC address that the bindings shown must include.
Valid entries are in dotted-hexadecimal format.
interface
vethernet
interface-number
(Optional) Specifies the vEthernet interface that the bindings shown
must be associated with.
vlan vlan-id (Optional) Specifies a VLAN ID that the bindings shown must be
associated with. Valid VLAN IDs are from 1 to 4096.
dynamic (Optional) Limits the output to all dynamic IP-MAC address
bindings.
static (Optional) Limits the output to all static IP-MAC address bindings.
Show Commands
398
OL-20462-01
Examples This example shows how to show all bindings:
n1000v# show ip dhcp snooping binding
MacAddress IpAddress LeaseSec Type VLAN Interface
----------------- --------------- -------- ---------- ---- -------------
0f:00:60:b3:23:33 10.3.2.2 infinite static 13 vEthernet 6
0f:00:60:b3:23:35 10.2.2.2 infinite static 100 vEthernet 10
n1000v#
Show Commands
show ip verify source
399
OL-20462-01
show ip verify source
To display the IP-to-MAC address bindings, use the show ip verify source command.
show ip verify source [ interface {vethernet interface-number }]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the IP-to-MAC address bindings:
n1000v# show ip verify source
n1000v#
Related Commands
interface (Optional) Specifies that the output is limited to IP-to-MAC address bindings for
an interface.
vethernet
interface-number
Specifies the vEthernet interface. Range is from 1 to 1048575.
Command Description
ip source binding Creates a static IP source entry for the specified Ethernet interface.
ip verify source
dhcp-snooping-vlan
Enables IP Source Guard on an interface.
Show Commands
show lacp counters
400
OL-20462-01
show lacp counters
To display information about Link Aggregation Control Protocol (LACP) statistics, use the show lacp
counters command.
show lacp counters [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you do not specify the channel-number, all channel groups are displayed.
Examples This example shows how to display the LACP statistics for a specific channel group:
switch# show lacp counters interface port-channel 1
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
-----------------------------------------------------------------------------
port-channel1
Ethernet1/1 554 536 0 0 0 0 0
Ethernet1/2 527 514 0 0 0 0 0
Ethernet1/3 535 520 0 0 0 0 0
Ethernet1/4 515 502 0 0 0 0 0
Ethernet1/5 518 505 0 0 0 0 0
Ethernet1/6 540 529 0 0 0 0 0
Ethernet1/7 541 530 0 0 0 0 0
Ethernet1/8 547 532 0 0 0 0 0
Ethernet1/9 544 532 0 0 0 0 0
Ethernet1/10 513 501 0 0 0 0 0
Ethernet1/11 497 485 0 0 0 0 0
Ethernet1/12 493 486 0 0 0 0 0
Ethernet1/13 492 485 0 0 0 0 0
Ethernet1/14 482 481 0 0 0 0 0
Ethernet1/15 481 476 0 0 0 0 0
Ethernet1/16 482 477 0 0 0 0 0
channel-number (Optional) Number of the LACP channel group. Valid values are from
1 to 4096.
Show Commands
show lacp counters
401
OL-20462-01
clear lacp counters Clears the statistics for all LACP interfaces or those interfaces that belong
to a specific LACP channel group.
Show Commands
show lacp interface
402
OL-20462-01
show lacp interface
To display information about specific Link Aggregation Control Protocol (LACP) interfaces, use the
show lacp interface command.
show lacp interface ethernet slot/port
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines The LACP_Activity field displays whether the link is configured in the active or passive port-channel
mode.
The Port Identifier field displays the port priority as part of the information. The part of the information
in this field is the port number. The following example shows how to identify the port priority and the
port number:
Port Identifier=0x8000,0x101
The port priority value is 0x8000, and the port number value is 0x101 in this example.
Examples This example shows how to display the LACP statistics for a specific channel group:
switch# show lacp interface ethernet 1/1
switch(config-if-range)# show lacp interface eth1/1
Interface Ethernet1/1 is up
Channel group is 1 port channel is Po1
PDUs sent: 556
PDUs rcvd: 538
Markers sent: 0
Markers rcvd: 0
Marker response sent: 0
Marker response rcvd: 0
Unknown packets rcvd: 0
Illegal packets rcvd: 0
Lag Id: [ [(8000, 0-11-11-22-22-74, 0, 8000, 101), (8000, 0-11-11-22-22-75, 0, 8
000, 401)] ]
slot/port Slot number and port number for the interface you want to display.
Show Commands
show lacp interface
403
OL-20462-01
Operational as aggregated link since Wed Jun 11 20:37:59 2008

Local Port: Eth1/1 MAC Address= 0-11-11-22-22-74
System Identifier=0x8000,0-11-11-22-22-74
Operational key=0
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner information refresh timeout=Long Timeout (90s)
Actor Admin State=
Actor Oper State=
Neighbor: 4/1
MAC Address= 0-11-11-22-22-75
System Identifier=0x8000,0-11-11-22-22-75
Operational key=0
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner Admin State=
Partner Oper State=
show port-channel
summary
Displays information about all port-channel groups.
Show Commands
show lacp neighbor
404
OL-20462-01
show lacp neighbor
To display information about Link Aggregation Control Protocol (LACP) neighbors, use the show lacp
neighbor command.
show lacp neighbor [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display the information about the LACP neighbors for a specific port
channel:
switch# show lacp neighbor interface port-channel 1
Flags: S - Device is sending Slow LACPDUs F - Device is sending Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
port-channel1 neighbors
Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/1 32768,0-11-11-22-22-750x401 44817 SA

LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x0 0x3d

Partner's information
Partner Partner Partner
Port System ID Port Number Age Flags
Eth1/2 32768,0-11-11-22-22-750x402 44817 SA

LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x0 0x3d
channel-number Port-channel number for the LACP neighbor that you want to display.
The range of values is from 1 to 4096.
Show Commands
show lacp neighbor
405
OL-20462-01
show port-channel
summary
Show Commands
show lacp port-channel
406
OL-20462-01
To display information about Link Aggregation Control Protocol (LACP) port channels, use the show
lacp port-channel command.
show lacp port-channel [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display the information about LACP port channels:
switch# show lacp port-channel
port-channel1
Local System Identifier=0x8000,0-11-11-22-22-74
Admin key=0x0
Operational key=0x0
Partner System Identifier=0x8000,0-11-11-22-22-75
Operational key=0x0
Max delay=0
Aggregate or individual=1
port-channel2
Local System Identifier=0x8000,0-11-11-22-22-74
Admin key=0x1
Operational key=0x1
Partner System Identifier=0x8000,0-11-11-22-22-75
Operational key=0x1
Max delay=0
Aggregate or individual=1
channel-number Port-channel number for the LACP channel group that you want to
display. The range of values is from 1 to 4096.
Show Commands
407
OL-20462-01
show port-channel
summary
Show Commands
show lacp system-identifier
408
OL-20462-01
To display the Link Aggregation Control Protocol (LACP) system identifier for the device, use the show
lacp system-identifier command.
Defaults None
Command Modes Any
Command History
Usage Guidelines The LACP system ID is the combination of the configurable LACP system priority value and the MAC
address.
Each system that runs LACP has an LACP system priority value. You can accept the default value of
32768 for this parameter, or you can configure a value between 1 and 65535. LACP uses the system
priority with the MAC address to form the system ID and also uses the system priority during negotiation
with other devices. A higher system priority value means a lower priority.
The system ID is different for each virtual device context (VDC).
Examples This example shows how to display the information about the LACP port channel for a specific port
channel:
switch> show lacp system-identifier
8000,AC-12-34-56-78-90
Related Commands
Command Description
lacp system-priority Sets the system priority for LACP.
Show Commands
show license
409
OL-20462-01
show license
To display the content of all the license files that are installed on the virtual supervisor module (VSM),
use the show license command.
show license
Syntax Description None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the content of all the license files that are installed on the VSM:
n1000v# show license
license_file.lic:
VENDOR cisco
INCREMENT NEXUS1000V_LAN_SERVICES_PKG cisco 1.0 permanent 16 \
HOSTID=VDH=8449368321243879080 \
NOTICE="<LicFileID>kathleen.lic</LicFileID><LicLineID>0</LicLineID> \
<PAK>dummyPak</PAK>" SIGN=34FCB2B24AE8
n1000v#
Related Commands
Command Description
show license brief Displays a list of license files that are installed on the VSM.
show license usage
[package-name]
Displays the license packages that are supported on the VSM. Optionally,
you can display a specific license package.
Show Commands
show license brief
410
OL-20462-01
show license brief
To display a list of license files that are installed on the virtual supervisor module (VSM), use the show
license brief command.
show license brief
Syntax Description None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the content of all the license files that are installed on the VSM:
n1000v# show license brief
license_file.lic
n1000v#
Related Commands
Command Description
show license Displays the content of all the license files that are installed on the VSM.
show license usage
[package-name]
Displays the license packages that are supported on the VSM. Optionally,
you can display a specific license package.
Show Commands
show license usage
411
OL-20462-01
show license usage
To display the various license packages that are supported on the virtual supervisor module (VSM), use
the show license usage command.
show license usage [package-name]
Syntax Description
Command Modes Any
network-operator
Command History
Examples This example shows how to display a brief summary of the various license packages that are supported
on the VSM:
n1000v# show license usage
Feature Ins Lic Status Expiry Date Comments
Count
--------------------------------------------------------------------------------
NEXUS1000V_LAN_SERVICES_PKG No 16 In use Never -
n1000v# ------------------------------------------------------------------------
This example shows how to display the license usage information for a specific license package:
Example:
n1000v# show license usage NEXUS1000V_LAN_SERVICES_PKG
--------------------------------------
Feature Usage Info
--------------------------------------
Installed Licenses : 10
Eval Licenses : 0
Max Overdraft Licenses : 16
Installed Licenses in Use : 4
Overdraft Licenses in Use : 0
Eval Licenses in Use : 0
Licenses Available : 22
--------------------------------------
Application
--------------------------------------
VEM 3 - Socket 1
VEM 3 - Socket 2
VEM 4 - Socket 1
VEM 4 - Socket 2
package-name (Optional) Name of a license file. In the Cisco Nexus 1000V, the VSM supports only
one package (NEXUS1000V_LAN_SERVICES_PKG).
Show Commands
show license usage
412
OL-20462-01
--------------------------------------
n1000v#
show license Displays the content of all the license files that are installed on the VSM.
show license brief Displays a list of license files that are installed on the VSM.
show license
package-name
Displays the content of a specific license file that is installed on the VSM.
In the Cisco Nexus 1000V, the VSM supports only one package
(NEXUS1000V_LAN_SERVICES_PKG).
Show Commands
show logging logfile
413
OL-20462-01
show logging logfile
To display the contents of the log file, use the show logging logfile command.
show logging logfile [start-time time | end-time time]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the contents of the logfile:
switch# show logging logfile start-time 2009 Aug 23 22:00:00 end-time 2009 Aug 24 24:00:00
2009 Aug 23 22:58:00 doc-n1000v %PORTPROFILE-5-SYNC_COMPLETE: Sync completed.
2009 Aug 24 23:53:15 doc-n1000v %MODULE-5-MOD_OK: Module 3 is online (serial: )
2009 Aug 24 23:53:15 doc-n1000v %PLATFORM-5-MOD_STATUS: Module 3 current-status is MOD_S
TATUS_ONLINE/OK
switch#
Related Commands
start-time (Optional)Specify the starting time for which you want the logfile displayed.
end-time (Optional) Specify the ending time for which you want the logfile displayed.
time Specify the time as follows:
Time Description
yyyy Specify the year.
mmm Specify the month, for example, jan, feb, mar.
dd Specify the day of month, for example 01.
hh:mm:ss Specify the hour, minutes, seconds, for example, 04:00:00.
Command Description
logging logfile Configures the log file used to store system messages.
Show Commands
show logging module
414
OL-20462-01
show logging module
To display the current configuration for logging module messages to the log file, use the show logging
module command.
show logging module
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the configuration for logging of messages to the log file:
switch# show logging module
Logging linecard: disabled
switch#
Related Commands
Command Description
logging module Starts logging of module messages to the log file.
Show Commands
show logging server
415
OL-20462-01
show logging server
To display the current server configuration for logging system messages, use the show logging server
command.
show logging server
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the :
switch# show logging server
Logging server: enabled
{172.28.254.253}
server severity: notifications
server facility: local7
server VRF: management
switch#
Related Commands
Command Description
logging server Designates a remote server for system message logging, and configures it.
Show Commands
show logging timestamp
416
OL-20462-01
To display the unit of measure used in the system messages timestamp, use the show logging timestamp
command.
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to display the unit of measure used in the system messages timestamp:
switch# show logging timestamp
Logging timestamp: Seconds
switch#
Related Commands
Command Description
logging timestamp Sets the unit of measure for the system messages timestamp.
Show Commands
show port-channel compatibility-parameters
417
OL-20462-01
To display the parameters that must be the same among the member ports in order to join a port channel,
use the show port-channel compatibility parameters command.
Defaults None
Command Modes Any
Command History
Usage Guidelines When you add an interface to a channel group, the software checks certain interface attributes to ensure
that the interface is compatible with the channel group. For example, you cannot add a Layer 3 interface
to a Layer 2 channel group. The software also checks a number of operational attributes for an interface
before allowing that interface to participate in the port-channel aggregation.
This command displays the list of compatibility checks that the system uses.
Using the channel-group command, you can force ports with incompatible parameters to join the port
channel as long as the following parameters are the same:
(Link) speed capability
Speed configuration
Duplex capability
Duplex configuration
Flow-control capability
Flow-control configuration
Note See the channel-group command for information about forcing ports to join a port channel.
Examples This example shows how to display the list of compatibility checks that the system makes before an
interface to a channel group:
switch# show port-channel compatibility-parameters
Show Commands
418
OL-20462-01
* port mode
Members must have the same port mode configured, either E or AUTO. If they
are configured in AUTO port mode, they have to negotiate E mode when they
come up. If a member negotiates a different mode, it will be suspended.
* speed
Members must have the same speed configured. If they are configured in AUTO
speed, they have to negotiate the same speed when they come up. If a member
negotiates a different speed, it will be suspended.
* MTU
Members have to have the same MTU configured. This only applies to ethernet
port-channel.
* MEDIUM
Members have to have the same medium type configured. This only applies to
ethernet port-channel.
* Span mode
Members must have the same span mode.
* sub interfaces
Members must not have sub-interfaces.
* Duplex Mode
Members must have same Duplex Mode configured.
* Ethernet Layer
Members must have same Ethernet Layer (switchport/no-switchport) configured.
* Span Port
Members cannot be SPAN ports.
* Storm Control
Members must have same storm-control configured.
* Flow Control
Members must have same flowctrl configured.
* Capabilities
Members must have common capabilities.
* port
Members port VLAN info.
* port
Members port does not exist.
* switching port
Show Commands
419
OL-20462-01
Members must be switching port, Layer 2.
* port access VLAN
Members must have the same port access VLAN.
* port native VLAN
Members must have the same port native VLAN.
* port allowed VLAN list
Members must have the same port allowed VLAN list.
channel-group Adds or removes interfaces to port-channel groups and assigns the
port-channel mode to the interface.
Show Commands
show port-channel database
420
OL-20462-01
To display information about the current running of the port channels, use the show port-channel
database command.
show port-channel database [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines If you do not specify the channel-number, all channel groups are displayed. This command displays Link
Aggregation Control Protocol (LACP)-enabled ports channels and port channels without an associated
aggregation protocol.
Examples This example shows how to display information on the current running of all port channels:
switch# show port-channel database
port-channel5
Administrative channel mode is active
Operational channel mode is active
Last membership update is successful
1 ports in total, 0 ports up
Age of the port-channel is 1d:16h:18m:50s
Time since last bundle is 1d:16h:18m:56s
Last bundled member is
Ports: Ethernet2/5 [down]
port-channel20
channel-number Port-channel number for the information that you want to display. The
range of values is from 1 to 4096.
Show Commands
421
OL-20462-01
This example shows how to display information on the current running of a specific port channel:
switch# show port-channel database interface port-channel 20
port-channel20
show port-channel
summary
Displays a summary of information about all port channels.
Show Commands
show port-channel load-balance
422
OL-20462-01
show port-channel load-balance
To display information about load-balancing using port channels, use the show port-channel
load-balance command.
show port-channel load-balance [forwarding-path interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Examples This example shows how to display information about the current port-channel load balancing for the
system:
switch# show port-channel load-balance
Port Channel Load-Balancing Configuration:
System: source-dest-ip-vlan
Port Channel Load-Balancing Addresses Used Per-Protocol:
Non-IP: source-dest-mac
IP: source-dest-ip-vlan
Related Commands
forwarding-pat
h interface
port-channel
(Optional) Identifies the port in the port channel that forwards the
packet.
channel-number Port-channel number for the load-balancing forwarding path that you
want to display. The range of values is from 1 to 4096.
Command Description
port-channel
load-balance ethernet
Configures load balancing using port channels.
Show Commands
show port-channel rbh-distribution
423
OL-20462-01
show port-channel rbh-distribution
To display information about the Result Bundle Hash (RBH) for port channels, use the show
port-channel rbh-distribution command.
show port-channel rbh-distribution [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines The RBH value ranges from 0 to 7 and is shared among port members in a port channel.
Examples This example shows how to display RBH distribution for a specific port channel:
switch# show port-channel rbh-distribution interface port-channel 4
ChanId Member port RBH values Num of buckets
-------- ------------- ----------------- ----------------
4 Eth3/13 4,5,6,7 4
4 Eth3/14 0,1,2,3 4
Related Commands
channel-number Port-channel number for the information the you want to display. The
range of values is from 1 to 4096.
Command Description
port-channel
summary
Displays summary information on port channels.
Show Commands
show port-channel summary
424
OL-20462-01
To display summary information about the port channels, use the show port-channel summary
command.
Defaults None
Command Modes Any
Command History
Usage Guidelines If the Link Aggregation Control Protocol (LACP) is not enabled, the output shows NONE in the Protocol
column of the display.
A channel-group interface can be in the following operational states:
DownThe interface is down because it is administratively shut down or some other reason not
related to port channels.
IndividualThe interface is part of a port channel but unable to aggregate into a port channel
because of protocol exchange problems.
This interface continues to forward traffic as an individual link.
STP is aware of this interface.
SuspendedThe operational parameters of the interface are not compatible with the port channel.
This interface is not forwarding traffic, although the physical MAC link state is still up.
SwitchedThe interface is switched.
Up (port channel)The port channel is up.
Up in port channel (members)The port member of the port channel is up.
Hot standby (LACP only)The interface is eligible to join the port group if one of the interfaces
currently participating in the LACP channel goes down.
This interface does not forward data traffic, only protocol data units (PDUs).
This interface does not run STP.
Module-removedThe module has been removed.
Show Commands
425
OL-20462-01
RoutedThe interface is routed.
Examples This example shows how to display summary information for the port channels:
switch# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
-------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
-------------------------------------------------------------------
5 Po5(SD) Eth LACP Eth2/5(D)
20 Po20(RD) Eth LACP Eth2/20(D)
show port-channel
usage
Displays the port-channel numbers used and available.
show port-channel
traffic
Displays transmitted and received unicast, multicast, and broadcast
percentages for the port channels.
Show Commands
show port-channel traffic
426
OL-20462-01
show port-channel traffic
To display traffic statistics for port channels, use the show port-channel traffic command.
show port-channel traffic [interface port-channel channel-number]
Syntax Description
Defaults None
Command Modes Any
Command History
Usage Guidelines This command displays the percentage of transmitted and received unicast, multicast, and broadcast
traffic on the port channel.
If you do not specify the channel-number, information for all port channels is displayed.
Examples This example shows how to display the traffic statistics for all port channels:
switch(config)# show port-channel traffic
ChanId Port Rx-Ucst Tx-Ucst Rx-Mcst Tx-Mcst Rx-Bcst Tx-Bcst
------ --------- ------- ------- ------- ------- ------- -------
5 Eth2/5 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%
------ --------- ------- ------- ------- ------- ------- -------
20 Eth2/20 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%
This example shows how to display the traffic statistics for a specific port channel:
switch(config)# show port-channel traffic interface port-channel 5
ChanId Port Rx-Ucst Tx-Ucst Rx-Mcst Tx-Mcst Rx-Bcst Tx-Bcst
------ --------- ------- ------- ------- ------- ------- -------
5 Eth2/5 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%
Related Commands
channel-number Port-channel number for the traffic statistics that you want to display.
The range of values is from 1 to 4096.
Command Description
port-channel
summary
Displays summary information about port channels.
Show Commands
show port-channel usage
427
OL-20462-01
To display the port-channel numbers used and available, use the show port-channel usage command.
Defaults None
Command Modes Any
Command History
Usage Guidelines This command displays port-channel numbers used and available in the virtual device context (VDC)
that you are monitoring.
The number of port-channel numbers available across all VDCs for the entire system is from 1 to 4096.
Examples This example shows how to display the usage for all port channels:
switch# show port-channel usage
Totally 2 port-channel numbers used
====================================
Used : 5 , 20
Unused: 1 - 4 , 6 - 19 , 21 - 4096
switch#
Related Commands
Command Description
port-channel
summary
Displays summary information about port channels.
Show Commands
show port-profile
428
OL-20462-01
show port-profile
To display configurations for port profiles, use the show port-profile command.
show port-profile [name prof_name]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples The following example shows how to display the configuration of port profile UplinkProfile1:
n1000v(config-port-prof)# show port-profile name UplinkProfile1
port-profile UplinkProfile1
description: "Profile for critical system ports"
type: ethernet
status: disabled
system vlans: none
port-group: UplinkProfile1
max ports: -
inherit:
config attributes:
no shutdown
name (Optional) Specifies to display information about a specific port profile.
prof_name Name of the port profile to display.
4.0(4)SV1(2) This command shows the port profile type and does not show the capability
uplink. This command also shows pinning and channel-group
configuration.
Show Commands
show port-profile
429
OL-20462-01
no shutdown
show running-config
port-profile
Displays the running configurations of port profiles.
Show Commands
show running-config interface port-channel
430
OL-20462-01
show running-config interface port-channel
To display the running configuration for a specific port channel, use the show running-config interface
port-channel command.
show running-config interface port-channel {channel-number}
Syntax Description
Defaults None
Command Modes Any
Command History
Examples The following example shows how to display the running configuration for port channel 10:
switch(config)# show running-config interface port-channel 10
version 4.0(4)SV1(1)
interface port-channel10
switchport
Related Commands
channel-number Number of the port-channel group. The range of values is from 1 to 4096.
Command Description
show port-channel
summary
Displays a summary of port-channel information.
Show Commands
show running-config port-profile
431
OL-20462-01
show running-config port-profile
To display the running configuration of port profiles, use the show running-config port-profile
command.
show running-config port-profile [prof_name]
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples The following example shows how to display the running configuration for all port profiles on the
switch:
n1000v# show running-config port-profile
port-profile type ethernet UplinkProfile1
description "Profile for critical system ports"
vmware port-group
no shutdown
port-profile type vethernet VethProfile
vmware port-group
vmware max-ports 5
no shutdown
n1000v#
Related Commands
prof_name (Optional) Port profile name.
Command Description
show port-profile Displays configurations for port profiles.
Show Commands
show svs domain
432
OL-20462-01
show svs domain
To display the VSM domain configuration, use the show svs domain command.
show svs domain
Defaults None
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to display the VSM domain configuration:
n1000v# config t
n1000v(config)# svs-domain
n1000v(config-svs-domain)# show svs domain
SVS domain config:
Domain id: 100
Control vlan: 100
Packet vlan: 101
Management vlan: 0
L2/L3 Control mode: L3
L2/L3 Control interface: mgmt0
Status: Config push to VC successful.
n1000v(config-svs-domain)#
Related Commands
4.0(4)SV1(2) The output of this command was modified to include the Layer 2 and Layer
3 transport mode configuration.
Command Description
svs-domain Creates and configures a domain for the Cisco Nexus 1000V that identifies
the VSM and VEMs and the control and packet VLANs for communication
and management.
Show Commands
show system vem feature level
433
OL-20462-01
To display the current software release supported, use the show system vem feature level command.
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to display the current VEM feature level:
switch# show system vem feature level
current feature level: 4.0(4)SV1(2)
n1000v#
Related Commands
Command Description
system update vem
feature level
Displays xxx.
Show Commands
show virtual-service-domain brief
434
OL-20462-01
To display a list of the VSDs currently configured in a VSM, including VSD names and port profiles,
use the show virtual-service-domain brief command.
Defaults None
Command Modes Any
network-operatorr
Command History
Usage Guidelines This command does not require a license.
Examples This example shows how to display a list of the VSDs currently configured in a VSM:
n1000v# show virtual-service-domain brief
Name default action in-ports out-ports mem-ports
vsd1 drop 1 1 4
vsd2 forward 1 1 0
vsim-cp# sho virtual-service-domain interface
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Name Interface Type Status
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
vsd1 Vethernet1 Member Active
vsd1 Vethernet7 Inside Active
vsd1 Vethernet8 Outside Active
vsim-cp# show virtual-service-domain name vsd1
Default Action: drop
___________________________
Interface Type
___________________________
Vethernet1 Member
Vethernet2 Member
Show Commands
435
OL-20462-01
Vethernet3 Member
Vethernet6 Member
Vethernet7 Inside
Vethernet8 Outside

n1000v#
virtual-service-domain Creates a virtual service domain that classifies and separates traffic for
network services.
Show Commands
show virtual-service-domain interface
436
OL-20462-01
To do the interfaces currently assigned to the VSDs in a VSM, use the show virtual-service-domain
interface command.
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to display the interfaces currently assigned to the VSDs in a VSM:
switch# show virtual-service-domain interface
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Name Interface Type Status
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Related Commands
Command Description
virtual-service-domain Creates a virtual service domain that classifies and separate
traffic for network services.
Show Commands
show virtual-service-domain name
437
OL-20462-01
To display a specific VSD currently configured in a VSM, including associated port profiles, use the
show virtual-service-domain name command.
show virtual-service-domain name virtual-service-domain_name
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines
Examples This example shows how to display a specific VSD configuration:
switch# show virtual-service-domain name vsd1
Default Action: drop
___________________________
Interface Type
___________________________
Vethernet1 Member
Vethernet2 Member
Vethernet3 Member
Vethernet6 Member
Vethernet7 Inside
Vethernet8 Outside

switch#
Related Commands
virtual-service-domain_name Name of the VSD.
Command Description
virtual-service-domain Creates a virtual service domain that classifies and separate traffic for
network services.
Show Commands
438
OL-20462-01
439
OL-20462-01
T Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter T.
tacacs-server deadtime
To set a periodic time interval where a nonreachable (nonresponsive) TACACS+ server is monitored for
responsiveness, use the tacacs-server deadtime command. To disable the monitoring of the
nonresponsive TACACS+ server, use the no form of this command.
tacacs-server deadtime minutes
no tacacs-server deadtime minutes
Syntax Description
Defaults 0 minutes
Command History
Usage Guidelines Setting the time interval to zero disables the timer. If the dead-time interval for an individual TACACS+
server is greater than zero (0), that value takes precedence over the value set for the server group.
When the dead-time interval is 0 minutes, TACACS+ server monitoring is not performed unless the
TACACS+ server is part of a server group and the dead-time interval for the group is greater than
0 minutes.
time Specifies the time interval in minutes. The range is from 1 to 1440.
T Commands
tacacs-server deadtime
440
OL-20462-01
In Global Configuration mode, you must first enable the TACACS+ feature, using the tacacs+ enable
command, before you can use any of the other TACACS+ commands to configure the feature.
Examples This example shows how to configure the dead-time interval and enable periodic monitoring:
switch(config)# tacacs-server deadtime 10
This example shows how to revert to the default dead-time interval and disable periodic monitoring:
switch(config)# no tacacs-server deadtime 10
deadtime Sets a dead-time interval for monitoring a nonresponsive TACACS+
server.
show tacacs-server Displays TACACS+ server information.
T Commands
tacacs-server directed-request
441
OL-20462-01
To allow users to send authentication requests to a specific TACACS+ server when logging in, use the
radius-server directed request command. To revert to the default, use the no form of this command.
no tacacs-server directed-request
Defaults Disabled
Command History
Usage Guidelines In Global Configuration mode, you must first enable the TACACS+ feature, using the tacacs+ enable
command, before you can use any of the other TACACS+ commands to configure the feature.
The user can specify the username@vrfname:hostname during login, where vrfname is the virtual
routing and forwarding (VRF) name to use and hostname is the name of a configured TACACS+ server.
The username is sent to the server name for authentication.
Note If you enable the directed-request option, the NX-OS device uses only the RADIUS method for
authentication and not the default local method.
Examples This example shows how to allow users to send authentication requests to a specific TACACS+ server
when logging in:
switch# config t
switch(config)# tacacs-server directed-request
This example shows how to disallow users to send authentication requests to a specific TACACS+ server
when logging in:
switch# config t
switch(config)# no tacacs-server directed-request
T Commands
442
OL-20462-01
show tacacs-server
directed request
Displays a directed request TACACS+ server configuration.
T Commands
tacacs-server host
443
OL-20462-01
tacacs-server host
To configure TACACS+ server host parameters, use the tacacs-server host command in configuration
mode. To revert to the defaults, use the no form of this command.
tacacs-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret] [port port-number]
[timeout seconds]
no tacacs-server host {hostname | ipv4-address | ipv6-address}
[key [0 | 7] shared-secret] [port port-number]
[timeout seconds]
Syntax Description
Defaults
hostname TACACS+ server Domain Name Server (DNS) name. The name is
ipv4-address TACACS+ server IPv4 address in the A.B.C.D format.
ipv6-address TACACS+ server IPv6 address in the X:X:X::X format.
key (Optional) Configures the TACACS+ servers shared secret key.
0 (Optional) Configures a preshared key specified in clear text (indicated by 0)
to authenticate communication between the TACACS+ client and server.
This is the default.
7 (Optional) Configures a preshared key specified in encrypted text (indicated
by 7) to authenticate communication between the TACACS+ client and
server.
shared-secret Preshared key to authenticate communication between the TACACS+ client
and server. The preshared key is alphanumeric, case sensitive, and has a
port port-number (Optional) Configures a TACACS+ server port for authentication. The range
is from 1 to 65535.
test (Optional) Configures parameters to send test packets to the TACACS+
server.
idle-time time (Optional) Specifies the time interval (in minutes) for monitoring the server.
The time range is 1 to 1440 minutes.
password password (Optional) Specifies a user password in the test packets. The password is
username name (Optional) Specifies a user name in the test packets. The username is
timeout seconds (Optional) Configures a TACACS+ server timeout period (in seconds)
between retransmissions to the TACACS+ server. The range is from 1 to 60
seconds.
Parameter Default
Idle-time disabled
T Commands
tacacs-server host
444
OL-20462-01
Command History
Usage Guidelines You must use the tacacs+ enable command before you configure TACACS+.
When the idle time interval is 0 minutes, periodic TACACS+ server monitoring is not performed.
Examples This example shows how to configure TACACS+ server host parameters:
switch(config)# tacacs-server host 10.10.2.3 key HostKey
switch(config)# tacacs-server host tacacs2 key 0 abcd
switch(config)# tacacs-server host tacacs3 key 7 1234
switch(config)# tacacs-server host 10.10.2.3 test idle-time 10
switch(config)# tacacs-server host 10.10.2.3 test username tester
switch(config)# tacacs-server host 10.10.2.3 test password 2B9ka5
Related Commands
Server monitoring disabled
Timeout 1 seconds
Test username test
Test password test
Command Description
T Commands
tacacs-server key
445
OL-20462-01
tacacs-server key
To configure a global TACACS+ shared secret key, use the tacacs-server key command. To removed a
configured shared secret, use the no form of this command.
tacacs-server key [0 | 7] shared-secret
no tacacs-server key [0 | 7] shared-secret
Syntax Description
Defaults None
Command History
Usage Guidelines You must configure the TACACS+ preshared key to authenticate the device on the TACACS+ server. The
length of the key is restricted to 63 characters and can include any printable ASCII characters (white
spaces are not allowed). You can configure a global key to be used for all TACACS+ server
configurations on the device. You can override this global key assignment by using the key keyword in
the tacacs-server host command.
You must use the tacacs+ enable command before you configure TACACS+.
Examples The following example shows how to configure TACACS+ server shared keys:
switch(config)# tacacs-server key AnyWord
switch(config)# tacacs-server key 0 AnyWord
switch(config)# tacacs-server key 7 public
communication between the TACACS+ client and server. This is the default.
7 (Optional) Configures a preshared key specified in encrypted text to
authenticate communication between the TACACS+ client and server.
shared-secret Preshared key to authenticate communication between the TACACS+ client
and server. The preshared key is alphanumeric, case sensitive, and has a
T Commands
tacacs-server key
446
OL-20462-01
T Commands
tacacs-server timeout
447
OL-20462-01
tacacs-server timeout
To specify the time between retransmissions to the TACACS+ servers, use the tacacs-server timeout
tacacs-server timeout seconds
no tacacs-server timeout seconds
Syntax Description
Defaults 5 seconds
Command History
Usage Guidelines You must use the tacacs+ enable command before you configure TACACS+.
Examples This example shows how to configure the TACACS+ server timeout value:
switch(config)# tacacs-server timeout 3
This example shows how to revert to the default TACACS+ server timeout value:
switch(config)# no tacacs-server timeout 3
Related Commands
seconds Seconds between retransmissions to the TACACS+ server. The range is from
1 to 60 seconds.
Command Description
T Commands
telnet
448
OL-20462-01
telnet
To create a Telnet session, use the telnet command.
telnet {ipv4-address | hostname} [port-number] [vrf vrf-name]
Syntax Description
Defaults Port 23
Default VRF
Command Modes Any
Command History
Usage Guidelines To use this command, you must enable the Telnet server using the telnet server enable command.
Examples This example shows how to start a Telnet session using an IPv4 address:
switch# telnet 10.10.1.1 vrf management
Related Commands
ipv4-address IPv4 address of the remote device.
hostname Hostname of the remote device. The name is alphanumeric, case
port-number (Optional) Port number for the Telnet session. The range is from
1 to 65535.
vrf vrf-name (Optional) Specifies the virtual routing and forwarding (VRF) name
to use for the Telnet session. The name is case sensitive.
Command Description
clear line Clears Telnet sessions.
telnet server enable Enables the Telnet server.
T Commands
449
OL-20462-01
To enable the Telnet server, use the telnet server enable command. To disable the Telnet server, use the
no telnet server enable
Defaults Enabled
Command History
Usage Guidelines
Examples This example shows how to enable the Telnet server:
switch# config t
switch(config)# telnet server enable
This example shows how to disable the Telnet server:
switch# config t
switch(config)# no telnet server enable
Related Commands
Command Description
show telnet server Displays the Telnet server configuration.
telnet Creates a Telnet session.
T Commands
tail
450
OL-20462-01
tail
To display the last lines of a file, use the tail command.
tail [filesystem:[//module/]][directory/]filename lines]
Syntax Description
Defaults 10 lines
Command Modes Any
Command History
Usage Guidelines
Examples This example shows how to display the last 10 lines of a file:
switch# tail bootflash:startup.cfg
ip arp inspection filter marp vlan 9
ip dhcp snooping vlan 13
ip arp inspection vlan 13
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
directory/ (Optional) Name of a directory. The name is case sensitive.
filename Name of the command file. The name is case sensitive.
lines (Optional) Number of lines to display. The range is from 0 to 80.
T Commands
tail
451
OL-20462-01
This example shows how to display the last 20 lines of a file:
switch# tail bootflash:startup.cfg 20
area 99 virtual-link 1.2.3.4
router rip Enterprise
router rip foo
address-family ipv4 unicast
router bgp 33.33
event manager applet sdtest
monitor session 1
monitor session 2
ip arp inspection filter marp vlan 9
ip dhcp snooping
ip arp inspection validate src-mac dst-mac ip
ip source binding 10.3.2.2 0f00.60b3.2333 vlan 13 interface Ethernet2/46
ip source binding 10.2.2.2 0060.3454.4555 vlan 100 interface Ethernet2/10
logging level dhcp_snoop 6
logging level eth_port_channel 6
copy Copies files.
T Commands
template data timeout
452
OL-20462-01
To designate a timeout period for resending NetFlow template data, use the template data timeout
command. To remove the timeout period, use the no form of this command.
template data timeout time
no template data timeout
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure a 3600-second timeout period for resending NetFlow flow
exporter template data:
switch# config t
switch(config-flow-exporter-version-9)# template data timeout 3600
This example shows how to remove the timeout period for resending NetFlow flow exporter template
data:
switch# config t
switch(config-flow-exporter-version-9)# no template data timeout
T Commands
453
OL-20462-01
T Commands
terminal event-manager bypass
454
OL-20462-01
To bypass the CLI event manager, use the terminal event-manager bypass command.
Defaults Event manager is enabled.
Command Modes Any
network-operator
Command History
Examples This example shows how to disable the CLI event manager:
switch# terminal event-manager bypass
switch#
Related Commands
Command Description
show terminal Displays terminal configuration.
T Commands
terminal length
455
OL-20462-01
terminal length
To set the number of lines that appear on the screen, use the terminal length command.
terminal length number
Syntax Description
Defaults 28 lines
Command Modes Any
network-operator
Command History
Usage Guidelines Set number to 0 to disable pausing.
Examples This example shows how to set the number of lines that appear on the screen:
switch# terminal length 60
switch#
Related Commands
number Number of lines. The range of valid values is 0 to 511.
Command Description
show terminal Displays the terminal configuration.
T Commands
terminal session-timeout
456
OL-20462-01
terminal session-timeout
To set session timeout, use the terminal session-timeout command.
terminal session-timeout time
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Usage Guidelines Set time to 0 to disable timeout.
Examples This example shows how to set session timeout:
switch# terminal session-timeout 100
switch#
Related Commands
time Timeout time, in seconds. The range of valid values is 0 to 525600.
Command Description
T Commands
terminal terminal-type
457
OL-20462-01
terminal terminal-type
To specify the terminal type, use the terminal terminal-type command.
terminal terminal-type type
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to specify the terminal type:
switch# terminal terminal-type vt100
switch#
Related Commands
type Terminal type.
Command Description
T Commands
terminal tree-update
458
OL-20462-01
To update the main parse tree, use the terminal tree-update command.
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to update the main parse tree:
switch# terminal tree-update
switch#
Related Commands
Command Description
T Commands
terminal width
459
OL-20462-01
terminal width
To set terminal width, use the terminal width command.
terminal width number
Syntax Description
Defaults 102 columns
Command Modes Any
network-operator
Command History
Examples This example shows how to set terminal width:
switch# terminal width 60
switch#
Related Commands
number Number of characters on a single line. The range of valid values is 24 to 511.
Command Description
T Commands
test aaa
460
OL-20462-01
test aaa
To test for AAA on a RADIUS server or server group, use the test aaa command.
test aaa {group group-name user-name password | server radius address {user-name password |
vrf vrf-name user-name password]}}
Syntax Description
Defaults None
Command Modes Any
network-operator
Command History
Examples This example shows how to test for AAA on RADIUS server:
switch# test aaa server radius ts1 vrf route1 user1 9w8e7r
switch#
Related Commands
group Specifies an AAA server group.
group-name AAA server group name. The range of valid values is 1 to 32.
user-name User name. The range of valid values is 1 to 32.
password User password. The range of valid values is 1 to 32.
server Specifies an AAA server.
radius Specifies a RADIUS server.
address IP address or DNS name.
vrf Specifies a virtual route.
vrf-name Virtual route.name.
Command Description
show aaa Displays AAA information.
T Commands
traceroute
461
OL-20462-01
traceroute
To discover the routes that packets take when traveling to an IPv4 address, use the traceroute command.
traceroute {dest-ipv4-addr | hostname} [vrf vrf-name] [show-mpls-hops] [source src-ipv4-addr]
Syntax Description
Defaults Uses the default VRF.
Does not show the MPLS hops.
Uses the management IPv4 address for the source address.
Command Modes Any
Command History
Usage Guidelines To use IPv6 addressing for discovering the route to a device, use the traceroute6 command.
Examples This example shows how to discover a route to a device:
switch# traceroute 172.28.255.18 vrf management
traceroute to 172.28.255.18 (172.28.255.18), 30 hops max, 40 byte packets
1 172.28.230.1 (172.28.230.1) 0.746 ms 0.595 ms 0.479 ms
2 172.24.114.213 (172.24.114.213) 0.592 ms 0.51 ms 0.486 ms
3 172.20.147.50 (172.20.147.50) 0.701 ms 0.58 ms 0.486 ms
4 172.28.255.18 (172.28.255.18) 0.495 ms 0.43 ms 0.482 ms
Related Commands
dest-ipv4-addr IPv4 address of the destination device. The format is A.B.C.D.
hostname Name of the destination device. The name is case sensitive.
vrf vrf-name (Optional) Specifies the virtual routing and forwarding (VRF) to use. The
name is case sensitive.
show-mpls-hops (Optional) Displays the Multiprotocol Label Switching (MPLS) hops.
source src-ipv4-addr (Optional) Specifies a source IPv4 address. The format is A.B.C.D.
Command Description
traceroute6 Discovers the route to a device using IPv6 addressing.
T Commands
transport udp (NetFlow)
462
OL-20462-01
To add a destination UDP port from the NetFlow exporter to the collector, use the transport udp
command. To remove the port, use the no form of this command.
transport udp portnumber
no transport udp
Syntax Description
Defaults None
Command Modes Netflow Flow Exporter Configuration (config-flow-exporter)
Command History
Usage Guidelines Avoid using well-known ports 1-1024 when possible.
Examples This example shows how to add UDP 200 to the flow exporter:
n1000v(config-flow-exporter)# transport udp 200
This example shows how to remove UDP 200 from the flow exporter:
n1000v(config-flow-exporter)# no transport udp 200
Related Commands
portnumber Destination UDP number from 1 to 65535.
Command Description
T Commands
463
OL-20462-01
T Commands
464
OL-20462-01
465
OL-20462-01
U Commands
Revised: December 15, 2009, OL-20462-01
This chapter describes the Cisco Nexus 1000V commands that begin with the letter U.
username
To create and configure a user account, use the username command. To remove a user account, use the
username user-id [expire date [past] ] [password [0 | 5] password] [role role-name] [ sshkey
{file uri | key }]
no username user-id [ role role-name]
Syntax Description user-id User identifier, a case-sensitive, alphanumeric character string with a
maximum length of 28 characters.
Note The following characters are not permitted in usernames:
#
@
expire date (Optional) The expiration date for the user account in the format:
YYYY-MM-DD.
password (Optional) Specifies a password for the account. The default is no password.
0 (Optional) Specifies that the password is in clear text. Clear text passwords
are encrypted before they are saved to the running configuration.\
5 (Optional) Specifies that the password is in encrypted format. Encrypted
passwords are not changed before they are saved to the running
configuration.
password Password string. The password is alphanumeric, case sensitive, and has a
Note The following character is not permitted in clear text passwords:
$
role role-name (Optional) Specifies the user role. The role-name is case sensitive.
U Commands
username
466
OL-20462-01
Defaults No expiration date, password, or SSH key.
The default role is the admin user role.
Command History
Usage Guidelines You cannot delete the default admin user role.
You cannot change the expiration date for the the default admin user role.
You cannot remove the network-admin role for the default admin user role.
In you have enabled password-strength checking, you can only assign strong passwords. The following
are the characteristics of a strong password:
At least eight characters long
Does not contain many consecutive characters (such as abcd)
Does not contain many repeating characters (such as aaabbb)
Does not contain dictionary words
Does not contain proper names
Contains both uppercase and lowercase characters
Contains numbers
Caution If you do not specify a password for the user account, the user might not be able to log in.
Examples This example shows how to create a user account with a password and a user role:
switch# config t
switch(config)# username user1 password Ci5co321 role network-admin
sshkey (Optional) Specifies an SSH key for the user account.
key SSH public key string.
file filename Specifies the location of the file that contains the SSH public key string.
bootflash: file containing host public key for the user
volatile: file containing host public key for the user
U Commands
username
467
OL-20462-01
This example shows how to configure the SSH key for a user account:
switch# config t
switch(config)# username user1 sshkey file bootflash:key_file
password strength-check Checks the password security strength.
show user-account Displays the user account configuration.
U Commands
username
468
OL-20462-01
469
OL-20462-01
V Commands
Revised: December 15, 2009, OL-20462-01
This chapter describes the Cisco Nexus 1000V commands that begin with the letter V.
vem
To configure a Virtual Ethernet Module (VEM), use the vem command. To remove a VEM configuration,
vem module-number [- module-number]
no vem module-number [- module-number]
Syntax Description
Defaults None
Command History
Usage Guidelines Specify a range of VEMs by using a dash. For example, 3-9 or 20-30.
Examples This example shows how to create a VEM and enter the VEM slot configuration mode:
module-number Specifies a module number. The range of valid values is 3 to 66.
V Commands
vem
470
OL-20462-01
switch(config)# vem 10
switch(config-vem-slot)#
This example shows how to remove a VEM:
switch(config)# no vem 10
switch(config)#
show module vem Displays information about the VEM module.
V Commands
version 9
471
OL-20462-01
version 9
To designate NetFlow export version 9 in the NetFlow exporter, use the version 9 command. To remove
version 9, use the no form of this command.
version 9
no version 9
Defaults None
Command Modes NetFlow flow exporter (config-flow-exporter)
Command History
Usage Guidelines
Examples This example shows how to configure version 9 for a Netflow flow exporter:
switch# config t
switch(config-flow-exporter-version-9)#
This example shows how to remove version 9 from the Netflow flow exporter:
switch# config t
switch(config-flow-exporter-version-9)# no version 9
V Commands
version 9
472
OL-20462-01
option exporter-stats timeout Specifies a timeout period for resending NetFlow flow exporter
data.
option interface-table timeout Specifies a timeout period for resending the NetFlow flow exporter
interface table.
template data timeout Specifies a timeout period for resending NetFlow flow exporter
template data.
V Commands
virtual-service-domain
473
OL-20462-01
virtual-service-domain
To classify and separate traffic for network services, use the virtual-service-domain command. To
remove a virtual service domain, use the no form of this command.
virtual-service-domain vsd-name
no virtual-service-domain
Syntax Description
Defaults None
Command History
Usage Guidelines
Examples This example shows how to configure a port profile for a VSD:
switch# config t
switch(config)# port-profile vsd1_member
switch(config-port-prof)# vmware port-group
switch(config-port-prof)# switchport access vlan 315
switch(config-port-prof)# virtual-service-domain vsd1
switch(config-port-prof)# no shutdown
switch(config-port-prof)# state enabled
This example shows how to remove the virtual service domain configuration:
switch# config t
switch(config)# port-profile vsd1_member
switch(config-port-prof)# no virtual-service-domain vsd1
Related Commands
vsd-name Creates and names a virtual service domain.
Command Description
show virtual-service-domain Displays a list of the VSDs currently configured in the VSM,
including VSD names and port profiles.
V Commands
vlan
474
OL-20462-01
vlan
To create a VLAN and enter the VLAN configuration mode, use the vlan command. To remove a VLAN,
vlan {id | dot1Q tag native}
no vlan {id | dot1Q tag native}
Syntax Description
Defaults The default VLAN is VLAN 1.
Command History
Usage Guidelines Specify a VLAN range by using a dash. For example, 1-9 or 20-30.
Examples This example shows how to create a VLAN and enter the VLAN configuration mode:
This example shows how to remove a VLAN:
switch(config)# no vlan 10
switch(config)#
Related Commands
dot1Q tag native Specifies an IEEE 802.1Q virtual LAN.
Command Description
show vlan Displays VTP VLAN status.
V Commands
vmware dvs datacenter-name
475
OL-20462-01
vmware dvs datacenter-name
To create a VMware virtual switch, use the vmware dvs datacenter-name command. To remove the
virtual switch, use the no form of this command.
vmware dvs datacenter-name name
no vmware dvs
Syntax Description
Defaults None
Command History
Usage Guidelines To create a virtual switch, you must be in the SVS connection configuration mode. Use the svs
connection command to create a connection and enter that mode. The number of SVS connections that
can be created is limited to one.
Examples This example shows how to create a VMware virtual switch:
switch(config-svs-conn)# vmware dvs datacenter-name dc1
This example shows how to remove a VMware virtual switch:
switch(config)# svs connect s1v
switch(config-svs-conn)# no vmware dvs datacenter-name dc1
Related Commands
name Switch name.
Command Description
show vmware Displays VMware information.
V Commands
vmware max-ports
476
OL-20462-01
vmware max-ports
To create the maximum number of ports for the VMware port profile, use the vmware max-ports
command. To remove the maximum port configuration, use the no form of this command.
vmware max-ports number
no vmware dvs
Syntax Description
Defaults 32 ports
Command History
Usage Guidelines To specify the maximum number of VMware ports to configure, you must be in port profile configuration
mode.
Examples This example shows how to set the maximum number of VMware ports in a port profile:
switch(config-port-prof)# vmware max-ports 100
This example shows how to remove the maximum VMware ports configuration:
switch(config-port-prof)# no vmware max-ports 100
Related Commands
number Specifies the maximum number of ports. The range of valid values is 1 to 1024.
Command Description
show port-profile
name
Displays configuration information about a particular port-profile.
V Commands
vmware port-group
477
OL-20462-01
vmware port-group
To create a VMware port group, use the vmware port-group command. To remove the VMware port
group, use the no form of this command.
vmware port-group name
no vmware port-group name
Syntax Description
Defaults None
Command History
Usage Guidelines To create the VMware port group, you must be in port profile configuration mode.
Examples This example shows how to create a VMware port group:
switch(config-port-prof)# vmware port-group testgroup
This example shows how to remove the VMware port group:
switch(config-port-prof)# no vmware port-group testgoup
Related Commands
name Specifies the name of the VMware port group.
Command Description
show port-profile
name
Displays configuration information about a particular port-profile.
V Commands
vmware vc extension-key
478
OL-20462-01
vmware vc extension-key
To create an extension key, use the vmware vc extension-key command.
vmware vc extension-key key
Syntax Description
Defaults The key does not exist.
Command History
Usage Guidelines An extension key is used to connect to an instance of Virtual Center.
Examples This example shows how to create an extension key:
switch(config)# vmware vc extension-key 10
switch(config)#
Related Commands
key Extension key number. The range of valid values is 1 to 80.
Command Description
show vmware vc
extension-key
Displays extension key information.
479
OL-20462-01
W Commands
This chapter describes the Cisco Nexus 1000V commands that begin with the letter W.
where
To display your current context in the command-line interface (CLI), use the where command.
where [detail]
Syntax Description
Defaults Displays summary context information.
Command Modes Any
Command History
Usage Guidelines This command helps you track where you are in the CLI and how you got there.
Examples This example shows how to display summary context information:
switch(config-if)# where
?conf; interface Ethernet2/3 admin@switch%default
detail (Optional) Displays detailed context information.
W Commands
where
480
OL-20462-01
This example shows how to display detailed context information:
switch(config-if)# where detail
?conf; interface Ethernet2/3 admin@switch%default
mode: conf
interface Ethernet2/3
username: admin
vdc: switch
routing-context vrf: default
W Commands
write erase
481
OL-20462-01
write erase
To erase configurations in persistent memory areas, use the write erase command.
write erase [boot | debug]
Syntax Description
Defaults Erases all configuration in persistent memory except for the boot variable, mgmt0 interface, and debug
configuration.
Command Modes Any
Command History
Usage Guidelines You can use this command to erase the startup configuration in the persistent memory when information
is corrupted or otherwise unusable. Erasing the startup configuration returns the device to its initial state,
except for the boot variable, mgmt0 interface, and debug configurations. You have to explicitly erase
those configurations with the boot and debug options.
Examples This example shows how to erase the startup configuration:
switch(config)# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n) [n] y
This example shows how to erase the boot variable and mgmt0 interface configuration in the persistent
memory:
switch(config)# write erase boot
This example shows how to erase the debug configuration in the persistent memory:
switch(config)# write erase debug
boot (Optional) Erases only the boot variable and mgmt0 interface configuration.
debug (Optional) Erases only the debug configuration.
W Commands
write erase
482
OL-20462-01
copy running-config startup-config Copies the running configuration to the startup configuration.
show running-config Displays the startup configuration.

n1000v Cmds

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

n1000v Cmds

Uploaded by

Copyright:

Available Formats

Send document comment s t o nexus1k- docf eedback@ci sco. com.

You might also like